0

Hi everyone,

Can anyone tell me how you can stop users from URL Hacking your website with ASP (sessions)?
So for example if you have a password and username form on the front of your website and only want authorised members to gain access to your web site.

So for example just say you had a page e.g: somepage.htm and a user who was not logged in types www.somesite.com/somepage.htm. How can you stop them from getting access to the that page if they are not logged in?

P.S: Do you have any sample code?

Please help,

Jay.

3
Contributors
2
Replies
3
Views
11 Years
Discussion Span
Last Post by tparke
0
<%
Dim lgn,pas ' Login name & Pasword
lgn=cstr(Request("login"))
pas=cstr(REquest("pass"))
if ((lgn="login") AND (pas="123")) then 
  session("admin") = True
  response.Redirect("somepage.asp")
end if
 
'now if the user have not logged in then 
if NOT(session("admin")) then Response.Redirect("NoAccess.asp")
%>

The simplest code will look like this.

0

Hi Jay,

Did you manage to solve the URL hacking problem? I have the same situation and would really appreciate it if you could let me know how you got around it.

Thanks,
Tony

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.