Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Chris Miller on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Multiple sessions??

Status
Not open for further replies.
bobbygwd

bobbygwd

Programmer
Jun 21, 2001
15
US
Ok guys, I've got this user authentication set up with access database. Now, when they put in their username, based upon what their username is, it takes them to either page1.asp, page2.asp, or page 3.asp. My problem is, is that I only set one session variable to make sure that they're logged in, but once they sign in, they are capable of viewing either page1.asp, page2.asp or page 3.asp. I need to make is so they can only access their specified page. I'm figuring I may need to set up multiple sessions based upon their username, and then check within each site which session was still active. How would I go about doing this??

Thanks!
Bobby Gordon
 
Sort by date Sort by votes
add another column to your "user" table called for example "access_level" and assign user a level (ex. 1,2,3 meaning admin, power user,etc). Then on your login page, once verified username and password, set access level session along with "logged" session. Later you can check permission for particular page and kick user out or display a message. this is one of the many ways of doing it. depending on how many pages you have, you could also put page(sript) names(pages1.asp,page2.asp) into user table. create an include file that will be included into every page that need permission validation. in your include page check if user record (or session set earlier)contains current page and do re-direct or message.
 
Upvote 0 Downvote
I have the levels set up already and it checks them so see what page to go to, but I'm only setting one session variable and I think that I may need to set one for each level so that based up their session it will either let them stay or kick them out, while not letting them access any of the other pages.
 
Upvote 0 Downvote
You don't need anything else, then.

You just need a check at the top of each of your pages:

if session(&quot;accessLevel&quot;) <> 1 then
response.write(&quot;access denied&quot;)
response.end
end if

The above statement supposes that the access level needs to be set to 1 in order to have access to that portion of the site. Any other access levels will just get denied.

Of course, that statement would change depending on what page they were on.

:)
paul
penny.gif
penny.gif
 
Upvote 0 Downvote
that reminds me... do you always need a response.end after a response.write? what exactly is the significance of the response.end
 
Upvote 0 Downvote
response.end stops the output of the current page, so:

response.write(&quot;hello&quot;)
response.end
response.write(&quot;world&quot;)

in this case, you'd never see the &quot;world&quot;

So an answer to your question, no, you should not put response.end after response.write(), unless you want the page to stop executing.

:)
paul
penny.gif
penny.gif
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

leifoet
  • Locked
  • Question
Classic ASP multiple record update with Access
Replies
7
Views
346
dhookom
dhookom
gesrod
  • Locked
  • Question
Multiple search criteria
Replies
2
Views
148
gesrod
gesrod
nwo4life
  • Locked
  • Question
Paypal add to cart for multiple quantities and colors
Replies
6
Views
155
ChrisHirst
ChrisHirst
dekesc
  • Locked
  • Question
porblem with quotes in building an ADO SELECT with multiple AND's
Replies
7
Views
139
dekesc
dekesc
xrum
  • Locked
  • Question
Transaction cannot have multiple recordsets with this cursor type.
Replies
8
Views
270
BigRed1212
BigRed1212

Part and Inventory Search

Sponsor

Back
Top