allowing access using sessions

[bobbygwd]

I'm trying to figure out how to do this session thing, when a user logs in. I have my login page, and based on their username I have them either go to page 1.asp, 2.asp or 3.asp

I know that in 1.asp,2.asp, and 3.asp i need to have some sort of code that recognizes if the user's login session is still active. i have placed a session.abandon statement on the login page to reset the session anytime someone logs in again. But I need to know what to put on 1,2,3.asp so that if someone is not currently logged in, it will take them to the login page.

How should I go about doing this?

-Bobby Gordon

 

[krappleby025]

set up the following on the global.asa file

Session_OnStart
Session("valid&quot = false
Session_OnEnd
Session("valid&quot = false

then on your login script, if the password is correct place
session("valid&quot = true

then on each of your pages you only need to put

if session("valid&quot = false then
response.redirect ("login.asp&quot
else
(Your page here)
End if

hope that helps

 

[bobbygwd]

what is the "global.asa" file?

 

[Ovatvvon]

make another .asp page that says somthing like this:


---checkAccess.asp---------------------
<%
If session(&quot;userFlag&quot <> True Then
response.redirect(&quot;login.asp&quot
End If
%>



Then insert that at line 1: of every page you want to be restricted to member access:



---Page1.asp---------------------------------
1: <!-- #include file=&quot;checkAccess.asp&quot; -->
2: <html>
3: <head>
4: <title>Check For Access Page</title>
5: </head>
6: <body>
7: Member Page
8: </body>
9: </html>



The only other thing you have to do is on the login processing page...once you've verified that the user logging in is actually a valid user, then before you redirect to the page you want to send them to, set the session variable as true:


---Proccessing Page--------------
<%
Dim id, pw
id = request.form(&quot;id&quot
pw = request.form(&quot;pw&quot

If id=&quot;john&quot; and pw=&quot;myPassword&quot; Then
session(&quot;userFlag&quot = True
response.redirect(&quot;page1.asp&quot
Elseif id=&quot;sarah&quot; and pw=&quot;sarahsmith&quot; Then
session(&quot;userFlag&quot = True
response.redirect(&quot;page2.asp&quot
End If
%>


Hope this helps. -Ovatvvon :-Q

 

[Ovatvvon]

The global.asa file is a single file associated with each site. It is not mandatory, but can be helpfull in certain situations. I don't think you'll need to use it in this situation...I use a very similar scenario as I have listed above in a lot of my sites. Also, I'd make it an include file rather than putting the same few lines in every page...this way if for any reason at all you want to change it, or add to it in the future, you only have to change one file vs. every page that you've restricted as a member page.

The global.asa file can be used to execute certain processes or scripts upon the beginning or end of the session relationshiop to the user or the application scope to the site of the server.

Again, I don't think it is necessary to use it in this situation. -Ovatvvon :-Q