Results 1 to 7 of 7
  1. #1
    Join Date
    Jan 2004
    Posts
    3

    Unanswered: Tricky problem. need your help

    Hi all,

    I would need some help. I need to login to a member section of a website and get authenticate at the index.asp before i can reach tools.asp, another page i will use.

    I see that the member section do not use cookie. It used session.

    I had tried reaching tools.asp directly (with all the variable pass in together in a url ...example: http://page.com/tools.asp?user=id&pass=pass). However, it will redirect me back to index.asp , asking me to authenticate first.

    Is there a way to skip index.asp and go directly to tools.asp?

    Regards,
    Joseph

  2. #2
    Join Date
    Dec 2003
    Posts
    454
    You can not get the page which needs user to authenticate first since the page will check the session and see if you are already logged in. I.e., session("loggedIn") = FALSE or TRUE. It does not matter if you pass the variable to the URL.
    Last edited by gyuan; 01-10-04 at 15:29.

  3. #3
    Join Date
    Jan 2004
    Posts
    3
    I need to know the name of the session variable in this case?

  4. #4
    Join Date
    Dec 2003
    Posts
    454
    Even if you know the name of the session, you can not assign a value to the session on the URL. Can you tell me what you want to do? Do you want to skip the login to get on the member page?

  5. #5
    Join Date
    Jan 2004
    Posts
    3
    Yup. I wanna skip the login to get to the member page.

    so far, still figuring it out.

  6. #6
    Join Date
    Dec 2003
    Posts
    454
    If you want the registered users to skip the login to get on the member pages, you need to set the cookies on client's computers.

  7. #7
    Join Date
    Oct 2003
    Posts
    706

    Exclamation

    Do not pass user/password information as a "GET"-style variable (i.e. as part of the URL)! (No, no, no! Bad doggie! No biscuit! No biscuit!)

    What you need to do is to store, as part of the session information, "whether or not this user has completed login, and if so, as whom." If the user has not, you promptly redirect him to the login screen. (This is a logical chore for a common subroutine in a module shared by all the pages.) The login page, which really should be a secured page, is the one which checks this information and stores the setting in the session-data. This data is stored only on the server.

    If you want to implement "automatic login," that's a separate kettle o' fish. What you do there is to store a cookie with a randomly-generated value; then remember the cookie-value and its meaning in a database table. If the user arrives and can present that cookie, you accept the login. (And I suggest that you expire that cookie and set another value.) The aforementioned common-function can handle both tasks, i.e. "well, he hasn't logged in yet, but his cookie's good so we'll accept that."
    ChimneySweep(R): fast, automatic
    table repair at a click of the
    mouse! http://www.sundialservices.com

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •