|
|||||||||
|
|||||||||
| |||||||||
|
|||||||||
|
|||||||||
| |||||||||
|
|
|
| |||||||||
 |
|
|
«
Previous Thread
|
Next Thread
»
|
Thread Tools | Search this Thread | Rate Thread | Display Modes |
Dev Shed Forums Sponsor:
|
|
Stop making mediocre tutorials.The best tutorials are video! Camtasia Studio makes it easy to create engaging, buzz-building screen videos at any size, in any popular format. Download the free trial!
|
|
#1
June 16th, 2003, 09:23 AM
|
||||
|
||||
authenticating w/ session variables
i have some pages in a web site that are behind a password protected page. i need to keep them from being bookmarked and other wise linked to directly without logging in. the log in works fine. i've seen some other code that tries to do this, but it is (for my use) rather complicated, and i haven't been able to make anything work. i wrote a quick "authenticate.asp" file
<% dim UserID UserID=Session("Admin") If NOT (UserID = "gohamel") AND NOT (UserID= "djanke") AND NOT (UserID= "jhroy") Then Response.Write "You are not authorized to view this page. Please log in" Response.Redirect "Login.asp" End IF %> which i thought would just check the session variable to see if it was one of the 3 allowed admin. the Session("Admin") part is set in the program that logs in, and the line <% response.write "your session name is " & Session("Admin") %> returns that Session("Admin") is indeed one of the right three, it just doesn't work in my little authenticate part. i must have a concept problem or something. anyone able to help? i just need to kick the user to the login page unless they have logged in as one of the 3 admins, no other checking needed. thanks in advance
|
|
#2
June 16th, 2003, 09:25 AM
|
||||
|
||||
|
oh, in case it helps: i don't get an error message or anything from the pages i have included the check on, it just redirects everyone to the login page all the time, even the admins who it should allow
|
|
#3
June 16th, 2003, 10:57 AM
|
||||
|
||||
|
boy do i feel foolish, lol. honest, i have tried this thing called "programming" before, not that you can always tell...
|
|
#5
June 16th, 2003, 12:40 PM
|
||||
|
||||
|
using this modified code:
Quote:
i recieve this output in the browser: You are not authorized to view this page. Please log inFalse at the same time the original page shows your session name is djanke which is one of the authorized names, so i don't get it Last edited by karsh44 : June 16th, 2003 at 12:53 PM.
|
|
#6
June 16th, 2003, 01:31 PM
|
||||
|
||||
|
if it worked for you, i'll assume the authentication itself is right, and see about how the other file sets the session. i'll post another question if i run into trouble again. thanks for your help
|
|
#7
June 24th, 2003, 07:56 AM
|
||||
|
||||
|
Solution
Just in case anyone else has a problem similar to this or something, I changed the authentication code to check for an empty session
Code:
<%
If Session("Admin")="" Then
Response.Write "You are not authorized to view this page. Please log in."
Response.Redirect "Login.asp"
End IF
%>
This way, they can't just go to the marked pages, (bc they would have an empty session), and they can't log it with another name (that is caught by the login page). I also disabled page cacheing, and it is working perfectly.
__________________
--Dave-- U2kgSG9jIExlZ2VyZSBTY2lzLCBOaW1pdW0gRXJ1ZGl0aW9uaXMgSGFiZXM=
|
|
| Viewing: Dev Shed Forums > Programming Languages - More > ASP Programming > authenticating w/ session variables |
| Thread Tools | Search this Thread |
| Display Modes | Rate This Thread |
|
|
|
 |
|
|
Del.icio.us
Digg
Google
Spurl
Blink
Furl
Simpy
Y! MyWeb
Linear Mode
