Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

using session variables for security to view information.

Status
Not open for further replies.

sgore

Programmer
Jul 22, 2001
30
CA
I have created a registration site that will assign users a security code. When the user logs onto the site this security code is stored in a session variable. This code is then used to when accessing different pages. The user will only be able to see information for that particular security code. For example (basic user, admin user, ect).

************

Here is how I get my information from the DB:
securityLVL = number (Access DB)

'*** Set up database connection
set Conn=server.createobject("adodb.connection")
sConnection="PROVIDER=Microsoft.Jet.OLEDB.4.0;DATA SOURCE="
sConnection=sConnection & server.mappath("tmp.mdb")& ";"

Conn.Open sConnection

sSQL = "SELECT * FROM pass WHERE uname = '" & myname & "'"
Set oRS = Conn.Execute(sSQL)

*****************
Here is where I set my security level:

SESSION("securityLVL") = oRS("securityLVL")

*****************

This is what I place at the top of my .asp files


IF SESSION(&quot;securityLVL&quot;) <> 1 OR SESSION(&quot;securityLVL&quot;) = &quot;&quot; THEN
Response.Write &quot;You are not authorized to access to this page!!&quot;
ELSE
user has access

This portion works fine if the users secLVL is 1, however if I add an additional OR:

IF SESSION(&quot;securityLVL&quot;) <> 1 OR SESSION(&quot;securityLVL&quot;)<> 3 OR SESSION(&quot;securityLVL&quot;) = &quot;&quot; THEN

and the user has secLVL of 3 the statement fails and the user gets the not authorized message.

any ideas on a better way to check this value??

 
Change it to this

IF (SESSION(&quot;securityLVL&quot;) <> 1 AND SESSION(&quot;securityLVL&quot;)<> 3) OR SESSION(&quot;securityLVL&quot;) = &quot;&quot; THEN

That should work
 
Also try writing it to a local variable, and then doing your check. No sense in grabbing the session varialbe 3 times to check it, when you can jsut grab it once.
 
Thanks for the help... It is working now...
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top