Sessions/securing web site pages with a Login

Expand Post »

Hi everyone,

Can anyone tell me how you can stop users from URL Hacking your website with ASP (sessions)?
So for example if you have a password and username form on the front of your website and only want authorised members to gain access to your web site.

So for example just say you had a page e.g: somepage.htm and a user who was not logged in types www.somesite.com/somepage.htm. How can you stop them from getting access to the that page if they are not logged in?

P.S: Do you have any sample code?

Please help,

Jay.

Similar Threads

Why a web site, and why web hosting? in IT Professionals' Lounge
Random Web Site Redirects in Viruses, Spyware and other Nasties
Help on making a site(pages) like this in PHP

JC_2000

Reputation Points: 10

Solved Threads: 0

Newbie Poster

Offline

17 posts
since Oct 2005

Permalink

May 6th, 2006

Re: Sessions/securing web site pages with a Login

ASP Syntax (Toggle Plain Text)
<%
Dim lgn,pas ' Login name & Pasword
lgn=cstr(Request("login"))
pas=cstr(REquest("pass"))
if ((lgn="login") AND (pas="123")) then 
  session("admin") = True
  response.Redirect("somepage.asp")
end if
 
'now if the user have not logged in then 
if NOT(session("admin")) then Response.Redirect("NoAccess.asp")
%>
<%
Dim lgn,pas ' Login name & Pasword
lgn=cstr(Request("login"))
pas=cstr(REquest("pass"))
if ((lgn="login") AND (pas="123")) then 
  session("admin") = True
  response.Redirect("somepage.asp")
end if
 
'now if the user have not logged in then 
if NOT(session("admin")) then Response.Redirect("NoAccess.asp")
%>

The simplest code will look like this.

msaqib

Reputation Points: 9

Solved Threads: 1

Junior Poster in Training

Offline

91 posts
since Sep 2004

Permalink

May 9th, 2008

Re: Sessions/securing web site pages with a Login

Hi Jay,

Did you manage to solve the URL hacking problem? I have the same situation and would really appreciate it if you could let me know how you got around it.

Thanks,
Tony

tparke

Reputation Points: 10

Solved Threads: 0

Newbie Poster

Offline

1 posts
since May 2008

This thread is more than three months old

No one has posted to this discussion for at least three months. Please let old threads die and do not reply to them unless you feel you have something new and valuable to contribute that absolutely must be added to make the discussion complete. Otherwise, please start a new thread in this forum instead.

Previous Thread in ASP Forum Timeline: Drop Down menu

Next Thread in ASP Forum Timeline: checkbox checkchanged event not firing in datalist control

DaniWeb Message

Cancel Changes

User Name
Password