When I set my session variables, and then move to the next page with my new found credentials, it doesn't keep them.

I'm moving from login.asp using check.asp which should bring me to panel.asp.

login.asp:

<html>
<head>
<title>Login</title>
</head>
<body>
<% Session.Abandon %>
<form name="form" action="check.asp" method="post">
Username: <input type="text" name="username" />
Password: <input type="password" name="password" />
<input type="hidden" name="login" value="true" />
<input type="submit" value="login" />
</form>
</body>
</html>

check.asp:

<%
Dim adoCon
Dim rsLogin
Dim strSQL
Dim username
Dim passwordForm
Dim passwordDB


Session.Abandon
username = Request.Form("username")
passwordForm = Request.Form("password")

Set adoCon = Server.CreateObject("ADODB.Connection")
adoCon.Open "DRIVER={Microsoft Access Driver (*.mdb)}; DBQ=" & Server.MapPath("login.mdb")
Set rsLogin = Server.CreateObject("ADODB.Recordset")
strSQL = "SELECT tblLoginInfo.ID_no, tblLoginInfo.loginName, tblLoginInfo.loginCode, tblLoginInfo.permissionLevel, tblLoginInfo.fName, tblLoginInfo.lName FROM tblLoginInfo;"
rsLogin.Open strSQL, adoCon


Do While (not rsLogin.EOF) AND (rsLogin("loginName") <> username)
	rsLogin.MoveNext
Loop
	
if(rsLogin("loginCode") = passwordForm) Then
		ENABLESESSIONSTATE = TRUE
		response.write("pass")
		Session("timeVisited") = Time()
		
		Session("permission") = rsLogin("permissionLevel")
		Session("name1") = rsLogin("fName")
		Session("name2") = rsLogin("lName")
		response.write(session("permission"))
		response.write(session("name1"))
		response.write(session("name2"))
		response.write(session.timeout)
		response.redirect "panel.asp"
	else
		response.write("fail")
	end if

Session.Abandon

rsLogin.Close
Set rsLogin = Nothing
Set adoCon = Nothing


%>
<!-- Link to test session state:
<a href="session.asp">session</a>
-->

panel.asp:

<% 
If IsEmpty(Session("name1")) then
	response.redirect "login.asp"
end if
%>


<html>
<head>
<title>Job Opportunities Panel</title>
<link rel="stylesheet" type="text/css"
href="m1-5.css" />
</head>
<body>

<table id="maintable" align="center">
	<tr>
		<td colspan="2" height="50" id="banner">
			<img src="jobBanner.png" />
		</td>
	</tr>
	<tr >
	    <td height="400" id="navigation" valign="top" align="left">

Hello (username)<br>
Logout<br>
Change Password<br>
<a href="add.asp">Add New Posting</a>

</td><td id="content" valign="top" align="left">
<%
Dim adoCon
Dim rsJobs
Dim strSQL
Dim itemID

Set adoCon = Server.CreateObject("ADODB.Connection")
adoCon.Open = "DRIVER={Microsoft Access Driver (*.mdb)}; DBQ=" & Server.MapPath("jobOps.mdb")
Set rsJobs = Server.CreateObject("ADODB.Recordset")
strSQL = "SELECT tblJobs.ID_no, tblJobs.jobTitle, tblJobs.jobLocation, tblJobs.jobSalary, tblJobs.payType FROM tblJobs;"
rsJobs.Open strSQL, adoCon

Do While not rsJobs.EOF
	Response.Write("<br />")
	Response.Write(rsJobs("jobTitle"))
	Response.Write(" (")
	Response.Write(rsJobs("jobLocation"))
	Response.Write(") - ")
	Response.Write("<a href=""delete_entry.asp?ID=" & rsJobs("ID_no") & """>Delete</a>")
	Response.Write(" | ")
	Response.Write("<a href=""update_form.asp?ID=" & rsJobs("ID_no") & """>Edit</a>")
	Response.Write("<br />Pay: ")
	Response.Write(rsJobs("jobSalary"))
	Response.Write("/")
	Response.Write(rsJobs("payType"))
	Response.Write("<br />")
	Response.Write("<hr width=""80%"" height=""1"" />")
	Response.Write("<br />")
	rsJObs.MoveNext
Loop

rsJobs.Close
Set rsJobs = Nothing
Set adoCon = Nothing
%>
</td></tr></table>
</body>
</html>

I have checked on my server and session states are enabled. I am using Firefox and cookies are enabled.

I can't find any other resources out there to troubleshoot this, so maybe you guys can help... :confused:

Hi,

The problem is with Session.abandon statement.
you have included it in page check.asp in the bottom of the page.

Do you know what this statement does?

It destroys the session. so when you goes to panel.asp, till that time the session is already destroyed in check.asp page itself.

Remove the session.abandon from check.asp and login.asp

and the proces will work properly.

Also, the query you used is not correct.

you should use a simple query select fields from table where loginname = username and logincode = passwordfrom

then you will not require to check these seperately.

Regards,
Vivek

This article has been dead for over six months. Start a new discussion instead.