I would need some help. I need to login to a member section of a website and get authenticate at the index.asp before i can reach tools.asp, another page i will use.
I see that the member section do not use cookie. It used session.
I had tried reaching tools.asp directly (with all the variable pass in together in a url ...example: http://page.com/tools.asp?user=id&pass=pass). However, it will redirect me back to index.asp , asking me to authenticate first.
Is there a way to skip index.asp and go directly to tools.asp?
You can not get the page which needs user to authenticate first since the page will check the session and see if you are already logged in. I.e., session("loggedIn") = FALSE or TRUE. It does not matter if you pass the variable to the URL.
Do not pass user/password information as a "GET"-style variable (i.e. as part of the URL)! (No, no, no! Bad doggie! No biscuit! No biscuit!)
What you need to do is to store, as part of the session information, "whether or not this user has completed login, and if so, as whom." If the user has not, you promptly redirect him to the login screen. (This is a logical chore for a common subroutine in a module shared by all the pages.) The login page, which really should be a secured page, is the one which checks this information and stores the setting in the session-data. This data is stored only on the server.
If you want to implement "automatic login," that's a separate kettle o' fish. What you do there is to store a cookie with a randomly-generated value; then remember the cookie-value and its meaning in a database table. If the user arrives and can present that cookie, you accept the login. (And I suggest that you expire that cookie and set another value.) The aforementioned common-function can handle both tasks, i.e. "well, he hasn't logged in yet, but his cookie's good so we'll accept that."