
Managing asp Session

I have code which allows sessions for my ASP pages. However, when I try to use a POST form which takes me to another ASP page, I am automatically logged out. Is there a solution to this? Thanks in advance.

<%session("cLoginId") = Request.QueryString("cLoginId")
session("Email") = Request.QueryString("Email")
session("cPW") = Request.QueryString("cPW") 
session("UsrId") = csng(Request.QueryString("UsrId"))  
UsrId = csng(Request.QueryString("UsrId"))  
Set Con= server.CreateObject("ADODB.Connection")
Con.Open "Provider=SQLOLEDB;Initial Catalog="&session("db")&";Data Source="&session("SqlServer")&";UID="&session("uid")&";PWD="&session("pwd")&";"

mode = Request.QueryString("mode") 
UsrId = csng(Request.QueryString("UsrId")) 

cDesc1=CInt(Request.QueryString("c1"))
cStartDte = Request.form("sStartDte") 
cEndDte = Request.form("sEndDte") 
p=Request.QueryString("p") 
'session("cLoginId") = Request.QueryString("cLoginId")
cPW = Request.QueryString("cPW")  
'Response.Write "cDesc1=" & cDesc1 & "<br>"
'Response.Write "PW=" & session("cPW")  & "<br>"
cMsg = Request.QueryString("cMsg") 
'Response.Write "<font color=white>db2=" & session("SqlServer") & "</font><br>"
session("cLoginId") = Request.QueryString("cLoginId")
if cDesc1 <> "" then
session("cLoginId") = Request.QueryString("cLoginId")
cEmail= "cLoginId"&"Email"&"cPW"
end if
colorh3 = 1
%>

<%
sub  ChkUsrDetails(NewsRs)
    set rsUser = Server.CreateObject("ADODB.Recordset")
    UserSQL="SELECT * FROM Login where loginid='"&trim(NewsRs("UsrName"))&"'"
    'Response.Write "UserSQL=" & UserSQL
    rsUser.Open UserSQL,ObjConn,3

    if not rsUser.EOF then
        cFName = rsUser("FName")
        cLName = rsUser("LName")
        cUnit = rsUser("Unit")
    end if
end sub
%>


This is a really bad idea, since you'd be passing login information via a query string which would be visible to anyone. Rather move those variables to constants / pre-set variables which can't be tampered with by the user. As for the user's session when they've logged in, set it in your code once and then just check if it's blank on any pages that need to use it. You could redirect the user back to the login page if it's blank.

E.g. on page_requires_session.asp:

<%
If Session("UserID") = "" Then
    Response.Redirect "login.asp?expired=1"
End If
%>
<!-- Rest of page -->

Then on login.asp:

<%
If Request.QueryString("expired") = "1" Then
    Response.Write "Your session has expired; please log in again"
End If

If Request.Form("submit") = "Login" Then
    ' check in database if user info. matches valid username and password '
Else
    ' display error message
End If
%>
<!-- HTML form would be here -->
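
An added example, not part of the original answer or the asker's code, of the pattern the answer describes: credentials are read once from the POST body on login.asp, the session is written only there, and every other page only reads it. Assumptions: the form posts fields named cLoginId and cPW, Application("ConnString") holds the connection string, and the Login table has UsrId, loginid and pw columns.

```vbscript
<%
' ---- login.asp (added example; names and columns are assumptions) ----
' Credentials arrive once, in the POST body, never in the URL.
Dim loginId, pw, con, cmd, rs
If Request.ServerVariables("REQUEST_METHOD") = "POST" Then
    loginId = Trim(Request.Form("cLoginId"))
    pw = Request.Form("cPW")

    Set con = Server.CreateObject("ADODB.Connection")
    con.Open Application("ConnString")   ' assumed location of the connection string

    ' Parameterized lookup: user input is bound, not concatenated into the SQL.
    ' "pw" is an assumed column; if the table stores a hash, hash the
    ' submitted password the same way before binding it.
    Set cmd = Server.CreateObject("ADODB.Command")
    Set cmd.ActiveConnection = con
    cmd.CommandType = 1                  ' adCmdText
    cmd.CommandText = "SELECT UsrId FROM Login WHERE loginid = ? AND pw = ?"
    ' 200 = adVarChar, 1 = adParamInput
    cmd.Parameters.Append cmd.CreateParameter("loginid", 200, 1, 50, loginId)
    cmd.Parameters.Append cmd.CreateParameter("pw", 200, 1, 128, pw)
    Set rs = cmd.Execute

    If Not rs.EOF Then
        ' The only place in the application where the session identity is written.
        Session("UsrId") = rs("UsrId").Value
        Session("cLoginId") = loginId
        rs.Close : con.Close
        Response.Redirect "page_requires_session.asp"
    End If
    rs.Close : con.Close
    Response.Write "Invalid login"
End If
%>

<%
' ---- top of every protected page, including the target of a POST form ----
' The page reads the session and never reassigns it from Request.QueryString,
' so a POST that carries no query string leaves the login intact.
If IsEmpty(Session("UsrId")) Then
    Response.Redirect "login.asp?expired=1"
End If
%>
```
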