helo guys...am doing my website in asp.net and its gonna be an ecommerce site with shopping cart and all..I learned that i will need to makke use of session in the login form and pass it to the other forms...can anyone help and gimme some explanation

Hi,

First you need to have a login table to store user data like userid and username.

In the login page create a

session["userid"].

In this session assign the user name from login table when a user logs in and check this session in every page of your webiste like this

if(Session["username"].TOstring()=="")
response.redirect("login.aspx");

In this way you can redirect user who didnt login to login page.

Hi,

First you need to have a login table to store user data like userid and username.

In the login page create a

session["userid"].

In this session assign the user name from login table when a user logs in and check this session in every page of your webiste like this

if(Session["username"].TOstring()=="")
response.redirect("login.aspx");

In this way you can redirect user who didnt login to login page.

can u plz explain me more precisely?? look i have a login form. and when i login, it redirects me to certain pages allowed to either user or administrator. but when i change the page.aspx name from the address bar of my browser, it is giving me pages that one should not have acccess to...i found out that i should use session..but am kinda lost in this area..plz gimme a helping hand.

have a look here
http://www.w3schools.com/ASP/asp_sessions.asp

it shows you how to create and set sessions.

You can set the sessions with the username of the person who logs in.

Use this session in your your page_load events on your pages in the site to check if it exists. if it doesnt, then they have not logged in (the session isnt there and hasnt been created yet) so redirect back to the login page with response.redirect!

hope that helps

thx i try to take a look...if any other idea..plz let me knw..thx

ok on my login page i put

Session("UserName") = Request("txtUserName")
            'Session.Timeout = 5
            Response.Redirect("default.aspx")

then on my default page i put

If (Session("UserName") Is Nothing) Then
            Response.Redirect("login.aspx")
        End If

it works..but now the problem is that once login and that the user is directed to the default.aspx page, if login.aspx is typed in the address bar, it bring me to login.aspx page which is wrong...any solution?

at the top of you login page

if Session("UserName") <> ""  Then
 Response.Redirect("default.aspx")
End If

at the top of you login page

if Session("UserName") <> ""  Then
 Response.Redirect("default.aspx")
End If

It works great thx

This question has already been answered. Start a new discussion instead.