session variables

Status
Not open for further replies.

JohannIcon

Programmer
Sep 3, 2002
440
MT
Hello All,

I have a problem with the session variables. I set a session variable in the login page and everything is working fine. However, when the user presses the back button on the Internet Explorer toolbar, he can access the admin.asp page without the need to login. Can I set something so that when the user presses the back button on the Internet Explorer toolbar, he does not have access to the admin.asp page?

Thanks for your help and time
 
Well, in your "login.asp", set a session variable that says if the currently logged user is an admin or not :
Code:
session("IsAdmin") = "true" 'or false depending on the profile.
Then in your Admin.asp page, add the following lines at the top :
Code:
<%
dim isAdmin
isAdmin=session("IsAdmin")
if isAdmin <> "true" then
   response.redirect("notAllowed.asp")
end if
%>
where "notAllowed.asp" is a single page showing an error message.
Water is not bad as soon as it stays out human body ;-)
 
Yeah that is working fine. The only problem is with Internet Explorer Back button. I do not know if it is a common problem and if there is anything to do about it.
 
You mean that this code works fine in general but not in case of "back" button?
Water is not bad as soon as it stays out human body ;-)
 
Yeah, and by the back button, I mean the one there is on the Internet Explorer toolbar. I do not know if it is a common thing or else if it is my code.
 
In general, when user presses "back" button to reach an asp page, he's being told that "the page cannot be reached unless you send back information" (or something like that, my IE is french version). Are you sure that the back button leads you to the good page?
In all cases, my advice is to add the session variable verification:
Code:
<%
dim isAdmin
isAdmin=session("IsAdmin")
if isAdmin <> "true" then
   response.redirect("notAllowed.asp")
end if
%>
on ALL your pages to avoid problems.
Water is not bad as soon as it stays out human body ;-)
 
Ok thanks for your help, but I already included it in my asp page like this:-

<%
if not Session("Secure") then response.redirect("administration.asp")
%>

and this is in the beginning of the asp page. In fact when I try to access it directly, it does not allow me, which is fine
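
An added example, not part of the original thread or any poster's code: the session check from the replies above combined with response headers that tell the browser not to keep a copy of the protected page. It assumes the page shown after pressing Back is the browser's stored copy rather than a fresh request; `adminGuard.asp` and `logout.asp` are hypothetical file names, while `IsAdmin`, `login.asp` and `notAllowed.asp` are taken from the thread.

```asp
<%
' ---- adminGuard.asp (hypothetical include) ----
' Pull it in as the first line of admin.asp and every other protected page:
'   <!--#include file="adminGuard.asp"-->

' Buffer output so headers and a redirect can still be sent.
Response.Buffer = True

' Ask the browser and any proxy not to store this response, so Back has to
' go to the server again instead of redrawing an earlier copy of the page.
Response.Expires = -1
Response.CacheControl = "no-store, no-cache, must-revalidate"
Response.AddHeader "Pragma", "no-cache"

' Server-side check on every request. A session value that was never set
' (or was cleared at logout) is Empty and fails this comparison.
If Session("IsAdmin") <> "true" Then
    Response.Redirect "notAllowed.asp"
End If
%>

<%
' ---- logout.asp (hypothetical page) ----
' Clear the flag and destroy the server-side session, so that a revisit
' to a protected page fails the guard above.
Session("IsAdmin") = "false"
Session.Abandon
Response.Redirect "login.asp"
%>
```

The headers only affect what the browser stores; the session check in the guard remains the actual access control.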
 