Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Chris Miller on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Session question

Status
Not open for further replies.
jimmythegeek

jimmythegeek

Programmer
May 26, 2000
770
US
I have an ASP Login page that opens SQL Server and sets a session variable

Session("AdminPassword")

Works fine.

My question is, if I use client side validation to verify the password the user enters, can I NOT refer to the session variable because it is not running at the server? I am currently getting an error "Type Mismatch session"

===============
<Script Language=&quot;VBScript&quot;>
Sub cmdSubmit_OnClick()
If document.frmLogin.elements(&quot;txtPassword&quot;).value = Session(&quot;AdminPassword&quot;) Then
document.location = &quot;admin.asp&quot;
Else
MsgBox &quot;You have entered an incorrect password, please try again.&quot;, 64, &quot; Incorrect Password&quot;
document.frmLogin.elements(&quot;txtPassword&quot;).focus
End If
End Sub
</Script>
===============

If I cannot do it this way, is there a way to mix client side script with session variables. I hope I asked the question correctly.

Thanks in advance. Jim Lunde
compugeeks@hotmail.com
We all agree your theory is crazy, but is it crazy enough?
 
Sort by date Sort by votes
No, the client does not have access to session variables. You could, in the ASP script, write the value of a session variable into the HTML as a hidden form element. The client-side script could then get it. And of course the ASP script has access to form data.
 
Upvote 0 Downvote
I thought about that, but if the user views the page source, won't they see the value that you've written to html? Jim Lunde
compugeeks@hotmail.com
We all agree your theory is crazy, but is it crazy enough?
 
Upvote 0 Downvote
Yes, they will be able to see it.

However, what I do sometimes is have a main page, which pops up a window asking for password. They enter the password, hit submit, the popup reloads itself, validates the password, and then either

(1) closes the window and lets them continue

or

(2) redirects the main page to a login error page, or just reloads the main page, popping the window again, indicating they entered an invalid password.

In both cases, when the popup is done, it will close.

Lemme know if you would like some code, but that's the basic idea.

:)
paul
penny.gif
penny.gif
 
Upvote 0 Downvote
hey oce the user enters his username and password and submits the form instead of puting the password in the session vriables, validate the password with the entered on. If they are correct then proceed else send him/her back to login page and write an error message saying wrong password.

 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

leifoet
  • Locked
  • Question
How to link a condition to a session(&quot;UID&quot;) ?
Replies
14
Views
486
leifoet
leifoet
penguinspeaks
  • Locked
  • Question
fso Question 1
Replies
3
Views
192
Offera
Offera
DIDwebs
  • Locked
  • Question
Remaining time before the session timeout expires IIS
Replies
1
Views
200
ChrisHirst
ChrisHirst
gesrod
  • Locked
  • Question
Session variable
Replies
4
Views
192
gesrod
gesrod
axLW
  • Locked
  • Question
Session Variables Being Lost
Replies
18
Views
311
axLW
axLW

Part and Inventory Search

Sponsor

Back
Top