DaniWeb IT Discussion Community - Sessions/securing web site pages with a Login

DaniWeb IT Discussion Community (http://www.daniweb.com/forums/)

- ASP (http://www.daniweb.com/forums/forum62.html)

- - Sessions/securing web site pages with a Login (http://www.daniweb.com/forums/thread43869.html)

JC_2000

Apr 22nd, 2006 8:21 am

Sessions/securing web site pages with a Login

Hi everyone,

Can anyone tell me how you can stop users from URL Hacking your website with ASP (sessions)?
So for example if you have a password and username form on the front of your website and only want authorised members to gain access to your web site.

So for example just say you had a page e.g: somepage.htm and a user who was not logged in types www.somesite.com/somepage.htm. How can you stop them from getting access to the that page if they are not logged in?

P.S: Do you have any sample code?

Please help,

Jay.

msaqib

May 6th, 2006 4:14 pm

Re: Sessions/securing web site pages with a Login

<%

Dim lgn,pas ' Login name & Pasword

lgn=cstr(Request("login"))

pas=cstr(REquest("pass"))

if ((lgn="login") AND (pas="123")) then 

  session("admin") = True

  response.Redirect("somepage.asp")

end if

 

'now if the user have not logged in then 

if NOT(session("admin")) then Response.Redirect("NoAccess.asp")

%>

The simplest code will look like this.

tparke

May 9th, 2008 8:11 am

Re: Sessions/securing web site pages with a Login

Hi Jay,

Did you manage to solve the URL hacking problem? I have the same situation and would really appreciate it if you could let me know how you got around it.

Thanks,
Tony

All times are GMT -4. The time now is 7:41 pm.