session variable 1

[611brain]

Hi,

I want to create a security system and prevent someone from bypassing my uservalidation.asp.

for example: in uservalidation.asp

I created username and password for users. I don't want any users that bypass this page and go to onlineshop.asp. only those with valid username and passwords should be allowed to see onlineshop.asp. if someone enter onlineshop.asp page without validating then they should be redirect to uservalidation.asp.

So what i have to change in uservalidation.asp and onlineshop.asp?

I know I have to write session variable code at top of the onlineshop.asp.

i know to redirect someone then use this code:
response.redirect "uservalidation.asp"

I am not sure about session variables for this cause

thanks

 

[tsuji]

One each page of the application, you check a session variable, named for instance, session("username"). If it is empty, you can redirect it to uservalidation.asp. If not, the page display as normal. For the application, the only place to set the variable is on unservalidation.asp. After validated the request("username"), you simply assign it to the session, like this.
[tt]session("username")=request("username")[/tt]
ps: If you need more help, you should post question to our asp-dedicated forum:

http://www.tek-tips.com/threadminder.cfm?pid=333

ps: If you post a question, you should not change the radio button to "Helpful Tips" checked, and should keep the default "Question" checked in step 1.