Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations Westi on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
what is session
- Thread starter broloc
- Start date
session in simple terms is from the point the user enters to the point the user leaves the site. A session variable in this case applies to that particular user and when the user has left the site the seesion will either be omitted or saved in a sense into a application var.
Session variables give you options such as length of time per visit. average time per visit. user identity. etc.. I may not get it the 1st or 2nd time,
but how sweet that 15th time can be.
Session variables give you options such as length of time per visit. average time per visit. user identity. etc.. I may not get it the 1st or 2nd time,
but how sweet that 15th time can be.
- Thread starter
- #3
To be honest I don't think I would ever write it that way but it means that
session("ADminAUth"
' this is the session variable
not equal to the string "Authorized"
<> is a comparison operator that means not equal
I may not get it the 1st or 2nd time,
but how sweet that 15th time can be.
session("ADminAUth"
' this is the session variablenot equal to the string "Authorized"
<> is a comparison operator that means not equal
I may not get it the 1st or 2nd time,
but how sweet that 15th time can be.
this sounds like it is part of a logon function or check to see for access to something. probably in a if statement, correct. The user must have been prompt to enter some kind of value in the seesion on_start to populate the session("ADminAUth" to latter be checked for viewing rights etc I may not get it the 1st or 2nd time,
but how sweet that 15th time can be.
to latter be checked for viewing rights etc I may not get it the 1st or 2nd time,but how sweet that 15th time can be.
- Thread starter
- #6
yeah u r right,it is part of logon.i dont understand what do u mean by "The user must have been prompt to enter some kind of value in the seesion on_start to populate the session("ADminAUth" to latter be checked for viewing rights etc ".do u mean that when session(adminauth)= authorized then it will start to go to another page?
to latter be checked for viewing rights etc ".do u mean that when session(adminauth)= authorized then it will start to go to another page?I mean when the user entered the sight there must be a text area to fill in and submit to give the session variable a value to be checked against a validation script. It sounds like you're making it harder then what it is. whenever you see the Session(" " statement it is jsut referencing a variable. I may not get it the 1st or 2nd time,
but how sweet that 15th time can be.
statement it is jsut referencing a variable. I may not get it the 1st or 2nd time,but how sweet that 15th time can be.
onpnt...this may seem a bit long winded, but if you read it...it should answer your question(s):
The session is automatically started when the user goes to your site. Think of it as walking into a grocery store...you automatically pick up a hand basket, or grab a roller-cart. Even if you end up never grabbing anything off the shelves and buying anything...you are still carrying the basket around with you. Likewise, you will have the session active for each user. Each session is private to that user...just like you have your own personal basket at the grocery store.
The session("ADminAUth" variable you talk about is used to verify the current user has authorization to be on whatever page this if statement is on. The variable can just as easily be written as such: session("adminAuth" or would be equivellent and easier to understand if they used the variable session("adminAccessAuthorization" or somthing.
The user does not have to enter a value into a text box for it to be entered into the session variable. Take for instance, you go to a site, type in your user id and password. You hit submit. You go to the next page where your user id and password are verified against the values in the database. Now, if your values match the database values, the web site administrator could have put in a script to set the session("ADminAUth" to equal the value of "authorized"...and if it didn't match, then it would equal nothing or somthing else like "false" or "not authorized".
That way, if you try to go directly to the "member" area or "authorized only" area without logging in, if you do not have a session variable called "ADminAUth" set to the value of "authorized", it'll knock you out of the page...here is an exampel:
--logon page-----
<form method='post' action='process.asp'>
<input type='text' name='userID'>
<input type='password' name='pwd'>
<input type='submit' value='Submit'>
</form>
--process.asp-------
<%
Dim userID, pwd
userID=request.form("userID"
pwd=request.form("pwd"
Dim sql
sql = "select * from tblUsers WHERE (((usrID)='" & userID & "') AND ((usrPWD)='" & pwd & "'));"
'open the database connection and execute the sql statement.
'Look to see if any records show up. If there is...that means there's a match and the user is authorized to be here, if not, kick 'em out.
If Not rs.EOF Then
session("ADminAUth" = "authorized"
response.redirect("secrete.asp"
Else
session("ADminAUth" = "unauthorized"
response.redirect("noAccess.asp"
End If
'Close DB connection
%>
--secrete.asp------
<%
'check to see if the user is authorized to be here
'prevents people from just going straight to secrete.asp rather than logging in properly.
If session("ADminAUth" <> "authorized" Then
response.redirect("noAccess.asp"
response.end
End IF
'design your page.
%>
--noAccess.asp------
<html><body>You do not have access to be here!</body></html>
on the secrete page, if they don't have a session("ADminAUth" equal to "authorized" then they'll be sent to noAccess.asp and never see that page..otherwise, that current page will be rendered to them.
But, to answer your question, as you can see the session("ADminAUth" variable was actually set to a value in the code, not by the user. But you can easily set it to a value based on what the user entered like so...
<%
session("userFirstName" = Request.Form("userFirstName"
Response.write("Hello " & session("userFirstName")
%>
And this you can use on any page on the web site without requesting it once it's in the session scope as long as the user is active on your web site.
Hope this clears up any of your confusion. -Ovatvvon :-Q
The session is automatically started when the user goes to your site. Think of it as walking into a grocery store...you automatically pick up a hand basket, or grab a roller-cart. Even if you end up never grabbing anything off the shelves and buying anything...you are still carrying the basket around with you. Likewise, you will have the session active for each user. Each session is private to that user...just like you have your own personal basket at the grocery store.
The session("ADminAUth"
variable you talk about is used to verify the current user has authorization to be on whatever page this if statement is on. The variable can just as easily be written as such: session("adminAuth" or would be equivellent and easier to understand if they used the variable session("adminAccessAuthorization" or somthing.The user does not have to enter a value into a text box for it to be entered into the session variable. Take for instance, you go to a site, type in your user id and password. You hit submit. You go to the next page where your user id and password are verified against the values in the database. Now, if your values match the database values, the web site administrator could have put in a script to set the session("ADminAUth"
to equal the value of "authorized"...and if it didn't match, then it would equal nothing or somthing else like "false" or "not authorized".That way, if you try to go directly to the "member" area or "authorized only" area without logging in, if you do not have a session variable called "ADminAUth" set to the value of "authorized", it'll knock you out of the page...here is an exampel:
--logon page-----
<form method='post' action='process.asp'>
<input type='text' name='userID'>
<input type='password' name='pwd'>
<input type='submit' value='Submit'>
</form>
--process.asp-------
<%
Dim userID, pwd
userID=request.form("userID"
pwd=request.form("pwd"
Dim sql
sql = "select * from tblUsers WHERE (((usrID)='" & userID & "') AND ((usrPWD)='" & pwd & "'));"
'open the database connection and execute the sql statement.
'Look to see if any records show up. If there is...that means there's a match and the user is authorized to be here, if not, kick 'em out.
If Not rs.EOF Then
session("ADminAUth"
= "authorized"response.redirect("secrete.asp"
Else
session("ADminAUth"
= "unauthorized"response.redirect("noAccess.asp"
End If
'Close DB connection
%>
--secrete.asp------
<%
'check to see if the user is authorized to be here
'prevents people from just going straight to secrete.asp rather than logging in properly.
If session("ADminAUth"
<> "authorized" Thenresponse.redirect("noAccess.asp"
response.end
End IF
'design your page.
%>
--noAccess.asp------
<html><body>You do not have access to be here!</body></html>
on the secrete page, if they don't have a session("ADminAUth"
equal to "authorized" then they'll be sent to noAccess.asp and never see that page..otherwise, that current page will be rendered to them.But, to answer your question, as you can see the session("ADminAUth"
variable was actually set to a value in the code, not by the user. But you can easily set it to a value based on what the user entered like so...<%
session("userFirstName"
= Request.Form("userFirstName"Response.write("Hello " & session("userFirstName"
)%>
And this you can use on any page on the web site without requesting it once it's in the session scope as long as the user is active on your web site.
Hope this clears up any of your confusion. -Ovatvvon :-Q
- Status
Similar threads
- Locked
- Question
- Locked
- Question
- Locked
- Question