#1
Hello!
I have a login page where I validate my user id and password... this part is done... I need to get the user id to the next page I am showing... Example like:

-------------------------------
Login Page
userid : abc
pwd : XXXXX
Authentication Successful
---------------------------------
Next Page:
Welcome abc ---> I want it here
----------------------------------

Can anyone show me how I should do it... Thanks for reading my post
#2
I would suggest using cookies. Then you can just set a cookie to the username and id. It would look something like this.
Code:
response.cookies("user")("name") = rs("username")
response.cookies("user")("id") = rs("userid")
and then when you want to recall that once they are logged in you can just output it like this.
Code:
<%=request.cookies("user")("name")%>
<%=request.cookies("user")("id")%>
Let me know if this works!
__________________
My brain cells are like a storm trooper's armor: useless
#3
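The Don's got the right idea. You may want to check if the user has Cookies enabled or disabled before doing this though.
Code:
' set a test cookie in this response
response.cookies("test") = "chump"
' the browser only sends the cookie back on its next request,
' so run this check on the page that follows
If request.cookies("test") <> "chump" then
    Response.Redirect("no_cookies.asp")
end if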
#4
Just out of interest, Session variables would also achieve the same effect...but which would be the best method? Session vars or cookies?
#5
I would suggest cookies. That way if their session gets terminated for some reason (disconnection etc) they will not get kicked out. Also, session variables tend to eat up a lot of memory, and the memory isn't always reallocated when your user terminates their session.
#6
Quote:
That's entirely dependent on the level of security you want. I use sessions because I don't like usernames sitting around in the cookie jar, so that keeps at least one more bit of information out of people's hands (login name). If you have 40 billion people hitting your website at once, then yeah, sessions are going to be rough on it, otherwise they don't take up that much memory and are usually leased for 20 minutes.
#7
Well, look at the bright side: if a user stays *idle* in the website for x minutes, then the session expires, and therefore kicks out that user. Isn't that called a security feature? I agree with unatratnag. Of course don't put all your variables into sessions!!
#8
I didn't know Session Expiration to be as much of a security feature as it was a method of the server attempting to open up un-used resources.
#9
Quote:
Oh, absolutely a security feature as well. A common hack is session hijacking; if I nab your session you're subject to a classic man-in-the-middle attack
#10
Hey guys, you know what? We've sidetracked from hamster84's question. Sorry hamster84.
Anyway, you could also do this.
Code:
== on the login page ==
<%
' after validating your userid & password
If validationOk Then   ' validationOk: placeholder for the result of your check
    Response.Redirect "welcome.asp?userid=" & Server.URLEncode(UserId)
    Response.End
Else
    ' your error msg here.
End If
%>
== on the welcome.asp page ==
Welcome <%=Server.HTMLEncode(Trim(Request.QueryString("UserId")))%>
#11
oops
but don't do the querystring, just use the session variable.
#12
Any particular reason, unatratnag? Just curious only. Any comments are valuable to everybody. Thanks for the input though.
#13
Well, if he's using sessions, there's no need to put the login in the URL. Plus if you do that the coder might be tempted to use the querystring object instead of the session variable, for example querying information from db where id = request.querystring('user'). In which case I could type in user=pda8333 in my browser and hunt you down and kill you. This is all theoretical of course
#14
Theoretically you are absolutely correct. But how do you know his db & field name?
Since we're talking "sessions" and "login details", I'll post a new topic regarding "sessions" outside of hamster84's thread. Not fair to him/her.
#15
Oh I disagree, I think hamster's getting a very valuable lesson
Alright, but to close this topic, if the code says
Code:
strSQL = "SELECT * FROM users where id = '" & request.querystring("user") & "'"
I don't have to do any coding, it automatically updates to your info when I change the URL. This could happen if I bring someone else to update the page and they see the querystring and don't know we're doing authentication through sessions and use the querystring and pop, right there is a big security flaw. But in reference to not knowing the table name, I wouldn't rely on that, it's pretty easy to do injection attacks on not well written pages (or brute force for the highly determined)
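
Added example, not part of the original thread: the session-based approach from posts #6, #11 and #13 in classic ASP, with the lookup from post #15 rewritten as a parameterized ADO query. The page name login.asp, the open connection `conn`, the recordset `rs` and the 50-character id column are assumptions.

```asp
<%
' ---- login.asp (runs only after the credential check has succeeded) ----
' Assumption: rs holds the row of the user who just authenticated (as in post #2).
Session("userid")   = rs("userid").Value
Session("username") = rs("username").Value
Response.Redirect "welcome.asp"      ' nothing identifying travels in the URL
%>

<%
' ---- welcome.asp ----
' Identity comes from server-side session state, never from the request,
' so editing the URL or a cookie value cannot switch to another account.
If IsEmpty(Session("userid")) Then
    Response.Redirect "login.asp"    ' not logged in, or the session timed out
End If

' The id is bound as a parameter, so it is treated as data and never
' becomes part of the SQL text (contrast with the concatenated strSQL above).
' Assumption: conn is an already-open ADODB.Connection.
Const adCmdText = 1, adVarChar = 200, adParamInput = 1
Dim cmd, rsUser
Set cmd = Server.CreateObject("ADODB.Command")
Set cmd.ActiveConnection = conn
cmd.CommandType = adCmdText
cmd.CommandText = "SELECT * FROM users WHERE id = ?"
cmd.Parameters.Append cmd.CreateParameter("id", adVarChar, adParamInput, 50, _
                                          CStr(Session("userid")))
Set rsUser = cmd.Execute
%>
Welcome <%= Server.HTMLEncode(Session("username")) %>
```

The only thing the browser holds is the ASP session cookie; the user id and name stay on the server and expire with the session timeout discussed in posts #6 to #9.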
Viewing: Dev Shed Forums > Programming Languages - More > ASP Programming > How to use login name to be part of another page?