Subject: login cookie help
Posted By: daddycool2k
Post Date: 11/16/2003 2:15:09 PM

hello, i have a website, http://www32.brinkster.com/speirsy/web_coursework/, that uses a login and password feature. I was lookin 2 implement cookies or session cookies into it, so if the user has logged in before, they dnt need 2 log in again, and was also going to incorporate a checkbox which they can click to 'remember me'
does anyone have any idea how to implement this
your help would be much appreciated
thanks craig

Reply By: planoie
Reply Date: 11/16/2003 10:21:03 PM

Assuming that you have your pages set up to send a user back to the login page automatically if a user isn't logged in, then you would need to check for the login cookie on that page. If a login cookie is found, then you complete the login automatically and send the user on. If not, then you present the login form.
When a regular login happens (i.e. they enter their username/password and you process the login) then you write a cookie with the pertinent information.
Do you need specific help with one of these tasks?
Session cookies aren't going to help you. You are trying to remember the user between sessions, right?
Peter ------------------------------------------------------ Work smarter, not harder.

Reply By: daddycool2k
Reply Date: 11/17/2003 9:57:01 AM

yeah, i want it that the user logs in, and therefore enters the site
a cookie is then created that remembers that the user has logged in, so therefore if he closes his internet browser and accesses my site again, he doesnt need 2 log in.
i need help in the whole cookie structure because i have not got a clue how 2do it
thanks

Reply By: planoie
Reply Date: 11/17/2003 10:25:40 AM

Once you validate a login, you just need to write out the cookies:

Response.Cookies("username") = sUsername
Response.Cookies("password") = sPassword

In the beginning of where the login form lives you do a check for the cookie values before showing the form...

If Request.Cookies("username") <> "" Then
    'Execute login validation here using values from cookies
    'Get values from cookies
    sUsername = Request.Cookies("username")
    sPassword = Request.Cookies("password")
    'call doLogin to validate login,
    'returns true for valid login
    If doLogin(sUsername, sPassword) Then
        Response.Redirect("index.asp")
    End If
End If

There's no Else for either If. If there's no cookie or login is bad (to catch cookie hacking) then you just continue on and show the login form.
Peter ------------------------------------------------------ Work smarter, not harder.

Reply By: daddycool2k
Reply Date: 11/17/2003 11:10:05 AM

so when the login form is submitted it goes 2 processuser.asp and that validates the username and password and then is redirected to the main.asp which is the main part of the site. so i should put

Response.Cookies("username") = sUsername
Response.Cookies("password") = sPassword

on the main.asp page?
also the check for the cookies

If Request.Cookies("username") <> "" Then
    'Execute login validation here using values from cookies
    'Get values from cookies
    sUsername = Request.Cookies("username")
    sPassword = Request.Cookies("password")
    'call doLogin to validate login,
    'returns true for valid login
    If doLogin(sUsername, sPassword) Then
        Response.Redirect("index.asp")
    End If
End If

that redirects the user to main.asp
thanks

Reply By: planoie
Reply Date: 11/17/2003 11:28:11 AM

You should set the cookies on processuser.asp. You can't set them on main.asp because that's not where you are validating the login. Plus, if you have code that is checking to make sure a user is logged in, then main.asp (because the cookies aren't set yet) would kick you back to login.asp.
So you need to:
- Set cookies on processuser.asp
- Check cookies on login.asp for return user
- Check the user login status throughout the session.
How are you maintaining the user login status? Do you have (or will you have) code on all the pages that checks to make sure a user is logged in? Because you are going to use a cookie to remember their login between sessions, you could use that as the "in-session" check as well. Every page that you need to protect should call this check. Your logout page would expire the cookies so the next page fails the login check and kicks you back to login.asp.
Peter ------------------------------------------------------ Work smarter, not harder.

Reply By: daddycool2k
Reply Date: 11/17/2003 11:45:24 AM

i dont know, i was just thinking that wen u login to the main site thats just it, but i spose people could jst hack into the site, so i dnt know wot 2 do. lol.
also wot code should i use 2 expire all cookies ie the logout phase.
this is quite complex

Reply By: planoie
Reply Date: 11/17/2003 1:06:18 PM

Yes it can be quite complex.
If someone has been to your site before, they would know they could go to main.asp (instead of just index or login). Unless you have means of checking that someone is logged in on every secure page, you are really defeating the purpose of having a login.
Checking on each page wouldn't be that hard, all you need to do is check that there are values in the cookies for username and password. Now you should probably validate this against your username list (in the database). I would not advise that you do this each time, because that would be excessive. Instead, validate once and store a session value so it's quicker to check each time. Here's what I would do based on what you have said that you have:

login page:
- Check the cookie values for "return user" as I described above. If there are values, call the doLogin() function with the values from the cookies to validate the user against the database (this prevents cookie hacking). Function returns false for bad login.
- If not validated (doLogin = False) or no "return user" (no cookies found), show the login form.

processuser.asp
login.asp posts to this page.
- Call doLogin() function with the values entered into the form. Function returns false for bad login
Bad login:
- redirect to login form again with error message

All other ASP pages
At start of page, call checkLogin()

functions (in a common include file):

doLogin(sUsername, sPassword)
- validate the username and password against the database
if valid:
- write cookies (as described in earlier post)
- write username to the session object (Session("username") = sUsername)
- redirect to main page
if NOT valid:
- return False (need to just return false cause different pages need to handle this differently.)

checkLogin()
- Checks Session("username") for a value.
if there's a value, assume that we've completed a login process (by cookie or login form) and can access the page.
if there's NO value, we need to log in.
- Redirect to the login page

Peter ------------------------------------------------------ Work smarter, not harder.

Reply By: daddycool2k
Reply Date: 11/17/2003 8:00:35 PM

its not workin, i have this code on the index.asp page which is the login page and can be viewed here http://www32.brinkster.com/speirsy/web_coursework/

<%
If Request.Cookies("username") <> "" Then
    'Execute login validation here using values from cookies
    'Get values from cookies
    sUsername = Request.Cookies("username")
    sPassword = Request.Cookies("password")
    'call doLogin to validate login,
    'returns true for valid login
    If doLogin(sUsername, sPassword) Then
        Response.Redirect("log.asp") ''''''log.asp is the page are redirected 2 when u successfully log in''''''''
    End If
End If
%>

the values on the login form are userQuery and passwordEntry
on the user.asp page which validates if the username and password are correct when u hit login this code is there.

<%@ Language="VBScript" %>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<?xml version="1.0" encoding="iso-8859-1"?>
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title></title>
<%
Response.Cookies("userQuery") = sUsername
Response.Cookies("passwordEntry") = sPassword
%>
</head>
<body>
<%
Dim xmlDocument, path, nodes
set xmlDocument = CreateObject("MSXML2.FreeThreadedDOMDocument")
xmlDocument.async = "false"
xmlDocument.load(Server.MapPath("/speirsy/db/user.xml"))
xmlDocument.setProperty "SelectionLanguage", "XPath"

path = "/records/details[username='" & Request.Form("userQuery") & "']"
set nodes = xmlDocument.selectNodes(path)

If nodes.length = 0 Then
    Response.write("Please enter a valid username and password</br></br>")
    Response.write("<a href='index.asp'>Back to login page</a>")
End If

For Each Node In nodes
    For Each Node2 In Node.childNodes
        If Node2.nodeName = "password" Then
            If Node2.text = Request.Form("passwordEntry") Then
                Response.Redirect "log.asp"
            else
                Response.Write(" please enter a valid password</br></br>")
                Response.write("<a href='index.asp'>Back to login page</a>")
            End If
        End If
    Next
Next
'log.asp is the page are redirected 2 when u successfully log in
%>
</body>
</html>

any help would be beneficial
thanks again

Reply By: planoie
Reply Date: 11/17/2003 8:43:50 PM

Where did you put doLogin()? I don't see it anywhere except where you call it. That should live in a common include file that index.asp and user.asp both include. Then you can call it from each one file.
Peter ------------------------------------------------------ Work smarter, not harder.

Reply By: daddycool2k
Reply Date: 11/18/2003 1:57:41 AM

If Request.Cookies("username") <> "" Then
    'Execute login validation here using values from cookies
    'Get values from cookies
    sUsername = Request.Cookies("username")
    sPassword = Request.Cookies("password")
    'call doLogin to validate login,
    'returns true for valid login
    If doLogin(sUsername, sPassword) Then
        Response.Redirect("index.asp")
    End If
End If

is that what you are talking about doLogin(), i dont know where to put it, its jst on the login page the now?

Reply By: planoie
Reply Date: 11/18/2003 12:12:27 PM

I was suggesting creating a login function because you need to do this login routine in two places: once where you handle processing the user login (processuser.asp) and once on your index page where you try to do an auto login based on the cookie values. There's no reason to duplicate the login routine on both pages when you can just create a function for it and call the function from both places.

Maybe this will help. I made a small adjustment to your XPath query based on what I'm assuming your XML structure to be. If this is what your XML structure looks like

<records>
    <details>
        <username>username1</username>
        <password>password1</password>
    </details>
    <details>
        <username>username2</username>
        <password>password2</password>
    </details>
</records>

then this should work for you:

File: login.inc

<%
Function doLogin(sUserName, sPassword)
    Dim xmlDocument, path, nodes
    set xmlDocument = CreateObject("MSXML2.FreeThreadedDOMDocument")
    xmlDocument.async = "false"
    xmlDocument.load(Server.MapPath("/speirsy/db/user.xml"))
    xmlDocument.setProperty "SelectionLanguage", "XPath"

    path = "/records/details[username='" & sUserName & "' and password='" & sPassword & "']"
    set nodes = xmlDocument.selectNodes(path)

    If nodes.length > 0 Then
        'User found!
        Response.Cookies("username") = sUsername
        Response.Cookies("password") = sPassword
        Response.Redirect "log.asp"
    Else
        'No user found :-(
        doLogin = False
    End If
End Function
%>

File: index.asp

<!-- #include file="login.inc" -->
<%
If Request.Cookies("username") <> "" Then
    'Execute login validation here using values from cookies
    'Get values from cookies
    sUsername = Request.Cookies("username")
    sPassword = Request.Cookies("password")
    'call doLogin to validate login,
    'returns true for valid login
    Call doLogin(sUsername, sPassword)
    'doLogin will redirect you automatically if login succeeds
End If
%>
[rest of the page here: show login form]

File: processuser.asp

<!-- #include file="login.inc" -->
<%
Call doLogin(Request.Form("userQuery"), Request.Form("passwordEntry"))
'doLogin will redirect automatically, so if it fails, this page will be seen
%>
please enter a valid password</br></br>
<a href='index.asp'>Back to login page</a>

Hope this helps.
Peter ------------------------------------------------------ Work smarter, not harder.
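
Added example, not part of Peter's post or the thread's code: the cookie-writing step earlier in the thread and the doLogin above put the password itself in the cookie and build the XPath string from submitted values. This classic ASP variant keeps the XPath constant and puts a random, single-use token in the cookie instead. The <token> element, the "remember" cookie name, the bRemember parameter and loginFromCookie are assumptions made for the example, as are an HTTPS site and a user.xml the web server can write.

```vbscript
<%
' login.inc -- added example, not code from the thread. Assumed: a <details>
' record may carry a <token> child (hypothetical), the site runs over HTTPS,
' and the web server account can write user.xml.
Const USERS_XML = "/speirsy/db/user.xml"

' Returns the <details> node whose <sChild> text equals sValue, or Nothing.
' The XPath is constant; the submitted value is compared as data and never
' spliced into the query. sChild is always a literal from this file.
Function findRecord(sChild, sValue)
    Dim doc, node, child
    Set findRecord = Nothing
    If Len(sValue) = 0 Then Exit Function
    Set doc = Server.CreateObject("MSXML2.FreeThreadedDOMDocument")
    doc.async = False
    If Not doc.load(Server.MapPath(USERS_XML)) Then Exit Function
    For Each node In doc.selectNodes("/records/details")
        Set child = node.selectSingleNode(sChild)
        If Not (child Is Nothing) Then
            If StrComp(child.text, sValue, vbBinaryCompare) = 0 Then
                Set findRecord = node
                Exit Function
            End If
        End If
    Next
End Function

' 64 hex characters from two GUIDs. Scriptlet.TypeLib stands in for a random
' source (an assumption; use a cryptographic RNG component if you have one).
Function newToken()
    Dim a, b
    a = Server.CreateObject("Scriptlet.TypeLib").Guid
    b = Server.CreateObject("Scriptlet.TypeLib").Guid
    newToken = Replace(Mid(a, 2, 36) & Mid(b, 2, 36), "-", "")
End Function

' Saves a fresh token on the record and sends the same value as the cookie.
Sub setToken(node)
    Dim tok
    Set tok = node.selectSingleNode("token")
    If tok Is Nothing Then Set tok = node.appendChild(node.ownerDocument.createElement("token"))
    tok.text = newToken()
    node.ownerDocument.save Server.MapPath(USERS_XML)
    Response.Cookies("remember") = tok.text
    Response.Cookies("remember").Expires = DateAdd("d", 30, Now())
    Response.Cookies("remember").Secure = True
End Sub

' Password login; bRemember is the "remember me" checkbox (hypothetical field).
Function doLogin(sUserName, sPassword, bRemember)
    Dim node
    doLogin = False
    Application.Lock                        ' serialise changes to user.xml
    Set node = findRecord("username", sUserName & "")
    If Not (node Is Nothing) And Len(sPassword & "") > 0 Then
        If StrComp(node.selectSingleNode("password").text, sPassword & "", vbBinaryCompare) = 0 Then
            Session("username") = sUserName & ""
            If bRemember Then setToken node
            doLogin = True
        End If
    End If
    Application.Unlock
End Function

' Login page, before the form: True when the cookie matches a stored token.
Function loginFromCookie()
    Dim node
    loginFromCookie = False
    Application.Lock
    Set node = findRecord("token", Request.Cookies("remember") & "")
    If Not (node Is Nothing) Then
        Session("username") = node.selectSingleNode("username").text
        setToken node                       ' rotate: each token works once
        loginFromCookie = True
    End If
    Application.Unlock
End Function
%>
```

Both functions return True or False and leave the redirect to the calling page: index.asp would call loginFromCookie() before showing the form, and processuser.asp would call doLogin with the form values.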

Reply By: daddycool2k
Reply Date: 11/18/2003 5:18:59 PM

mate wot does
<!-- #include file="login.inc" -->
mean?
sorry

Reply By: planoie
Reply Date: 11/18/2003 5:28:24 PM

That is how you include a file in an ASP script. Commonly used for including files with common code into a script.
Peter ------------------------------------------------------ Work smarter, not harder.

Reply By: daddycool2k
Reply Date: 11/18/2003 5:28:36 PM

my code for index asp is

<%@ Language="VBScript" %>
<% option explicit %>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<?xml version="1.0" encoding="iso-8859-1"?>
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>: . Welcome to dezine . :</title>
<!-- #include file="login.inc" -->
<%
Function doLogin(sUserName, sPassword)
    Dim xmlDocument, path, nodes
    set xmlDocument = CreateObject("MSXML2.FreeThreadedDOMDocument")
    xmlDocument.async = "false"
    xmlDocument.load(Server.MapPath("/speirsy/db/user.xml"))
    xmlDocument.setProperty "SelectionLanguage", "XPath"

    path = "/records/details[username='" & sUserName & "' and password='" & sPassword & "']"
    set nodes = xmlDocument.selectNodes(path)

    If nodes.length > 0 Then
        'User found!
        Response.Cookies("username") = sUsername
        Response.Cookies("password") = sPassword
        Response.Redirect "log.asp"
    Else
        'No user found :-(
        doLogin = False
    End If
End Function

If Request.Cookies("username") <> "" Then
    'Execute login validation here using values from cookies
    'Get values from cookies
    sUsername = Request.Cookies("username")
    sPassword = Request.Cookies("password")
    'call doLogin to validate login,
    'returns true for valid login
    doLogin(sUsername, sPassword)
    'doLogin will redirect you automatically if login succeeds
End If
%>
<script type="text/javascript"> function validate() {
if (document.form1.userQuery.value.length < 1) { document.form1.userQuery.focus();
window.alert("Please enter a Username."); return false; } if (document.form1.passwordEntry.value.length < 1) { document.form1.passwordEntry.focus(); window.alert("Please enter a password."); return false; } }
</script> </head>
<body>
<p> Welcome to dezine, a portal site where you can search for tutorials and also reviews of the latest products that multimedia and web designers use today</p> <p> In order to use the site, please enter your details and then press the submit button</p>
<table align="center"> <form name=form1 method="POST" action="user.asp" method="post" onsubmit="return validate()">
<tr> <td>Username:</td> <td><input type="text" name="userQuery" /></td> </tr> <tr> <td>Password:</td> <td><input type="password" name="passwordEntry" /></td> </tr>
<tr> <td align="center" colspan="2"><input type="submit" value="Login" /></td>
</tr> </form> </table>
<br /> <table align="center"> <tr> <td> <a href="signup.html">Join</a></td> </tr> <tr> <td> <a href="javascript: submitReminder();">Lost password</a></td> </tr>
</table>
<p> </p> <p> </p> <p> </p><p> </p> <p> </p> <p> </p> <p> </p><p> </p> <p> </p> <p> </p> <p> </p> <p> </p> <p> </p> <p> </p> <p> </p> <p>Copyright 2003 Craig Speirs</p>
</body> </html>
and is not working
the error that appears is Active Server Pages error 'ASP 0126'
Include file not found
/speirsy/web_coursework/index.asp, line 13
The include file 'login.inc' was not found.
is login.inc to be saved in a separate file ? like login.inc contains all that code u gave me, also is that the only code i need for process.asp?
thanks again sir
craig

Reply By: planoie
Reply Date: 11/18/2003 5:32:45 PM

That is pretty much all you need for process ASP. If the login succeeds it redirects to the next page. If it fails you show the error with the link back to the index (login) page. You probably should format it nicely in a full set of html tags and all, I just wanted to show you what you had to do.
Yes, you need to create a new file: login.inc. This is the file that the other two files "include". Your doLogin() function needs to live in that file so that both the processuser.asp and index.asp pages can access that function.
Peter ------------------------------------------------------ Work smarter, not harder.

Reply By: daddycool2k
Reply Date: 11/18/2003 5:51:04 PM

still problems
my index.asp includes the code
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>: . Welcome to dezine . :</title>
<!-- #include file="login.inc" -->
<%
If Request.Cookies("username") <> "" Then
    'Execute login validation here using values from cookies
    'Get values from cookies
    sUsername = Request.Cookies("username")
    sPassword = Request.Cookies("password")
    'call doLogin to validate login,
    'returns true for valid login
    doLogin sUsername, sPassword
    'doLogin will redirect you automatically if login succeeds
End If
%>
<script type="text/javascript
but an error appears asking Microsoft VBScript compilation error '800a03f6'
Expected 'End'
/speirsy/web_coursework/index.asp, line 24
i enter an end then it asks for an end if neverending i tellu
my login.inc is
<%
Function doLogin(sUserName, sPassword)
    Dim xmlDocument, path, nodes
    set xmlDocument = CreateObject("MSXML2.FreeThreadedDOMDocument")
    xmlDocument.async = "false"
    xmlDocument.load(Server.MapPath("/speirsy/db/user.xml"))
    xmlDocument.setProperty "SelectionLanguage", "XPath"

    path = "/records/details[username='" & sUserName & "' and password='" & sPassword & "']"
    set nodes = xmlDocument.selectNodes(path)

    If nodes.length > 0 Then
        'User found!
        Response.Cookies("username") = sUsername
        Response.Cookies("password") = sPassword
        Response.cookies("username").Expires=date+9999
        Response.cookies("password").Expires=date+9999
%>
        Response.Redirect "log.asp"
    Else
        'No user found :-(
        doLogin = False
    End If
End Function
%>
and my user.asp ( name has been changed from process.asp) is

<%@ Language="VBScript" %>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<?xml version="1.0" encoding="iso-8859-1"?>
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title></title>
<!-- #include file="login.inc" -->
<%
doLogin Request.Form("userQuery"), Request.Form("passwordEntry")
'doLogin will redirect automatically, so if it fails, this page will be seen
%>
please enter a valid password</br></br>
<a href='index.asp'>Back to login page</a
</body>
</html>

Reply By: planoie
Reply Date: 11/18/2003 6:28:45 PM

What's the %> doing in the middle of the include file?
Peter ------------------------------------------------------ Work smarter, not harder.

Reply By: daddycool2k
Reply Date: 11/19/2003 6:25:39 AM

oh aye 
i have took it out, still doesnt rmbr u have logged in tho??
http://www32.brinkster.com/speirsy/web_coursework/

Reply By: daddycool2k
Reply Date: 11/19/2003 6:36:48 AM

now its sayin
Microsoft VBScript runtime error '800a01f4'
Variable is undefined: 'sUserName'
/speirsy/web_coursework/index.asp, line 17
my code for index.asp is
<%@ Language="VBScript" %>
<% option explicit %>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<?xml version="1.0" encoding="iso-8859-1"?>
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>: . Welcome to dezine . :</title>
<!-- #include file="login.inc" -->
<%
If Request.Cookies("username") <> "" Then
    'Execute login validation here using values from cookies
    'Get values from cookies
    sUsername = Request.Cookies("username")
    sPassword = Request.Cookies("password")
    'call doLogin to validate login,
    'returns true for valid login
    doLogin sUsername, sPassword
    'doLogin will redirect you automatically if login succeeds
End If
%>
<script type="text/javascript"> function validate() {
if (document.form1.userQuery.value.length < 1) { document.form1.userQuery.focus();
window.alert("Please enter a Username."); return false; } if (document.form1.passwordEntry.value.length < 1) { document.form1.passwordEntry.focus(); window.alert("Please enter a password."); return false; } }
</script> </head>
<body>
<p> Welcome to dezine, a portal site where you can search for tutorials and also reviews of the latest products that multimedia and web designers use today</p> <p> In order to use the site, please enter your details and then press the submit button</p>
<table align="center"> <form name=form1 method="POST" action="user.asp" method="post" onsubmit="return validate()">
<tr> <td>Username:</td> <td><input type="text" name="userQuery" /></td> </tr> <tr> <td>Password:</td> <td><input type="password" name="passwordEntry" /></td> </tr>
<tr> <td align="center" colspan="2"><input type="submit" value="Login" /></td>
</tr> </form> </table>
<br /> <table align="center"> <tr> <td> <a href="signup.html">Join</a></td> </tr> <tr> <td> <a href="javascript: submitReminder();">Lost password</a></td> </tr>
</table>
<p> </p> <p> </p> <p> </p><p> </p> <p> </p> <p> </p> <p> </p><p> </p> <p> </p> <p> </p> <p> </p> <p> </p> <p> </p> <p> </p> <p> </p> <p>Copyright 2003 Craig Speirs</p>
</body>
</html>

my code for login.inc is same as ures and likewise for process.asp
thanks

Reply By: planoie
Reply Date: 11/19/2003 7:03:11 AM

I don't mean this to sound harsh, but it sounds like you need to do a bit of reading on the basics of ASP before you continue with this. For example:
- What Option Explicit means
- How include files are used
- How to use the ASP Session object
- How to use cookies
This is a course you are taking? Don't they provide some kind of reading material (or links to some)? I'm frankly worried that you are asking questions about somewhat more complex tasks (remembering logins in cookies, using XML) when you don't seem to understand a few basics of ASP.
Peter ------------------------------------------------------ Work smarter, not harder.

Reply By: daddycool2k
Reply Date: 12/2/2003 7:19:34 AM

took ure info into account and now have the cookies wrkin perfectly, but i am unsure of ure comment
""
How are you maintaining the user login status? Do you have (or will you have) code on all the pages that checks to make sure a user is logged in? Because you are going to use a cookie to remember their login between sessions, you could use that as the "in-session" check as well. Every page that you need to protect should call this check. Your logout page would expire the cookies so the next page fails the login check and kicks you back to login.asp.
""
would i use the same code that i used within the login page, for example i dont want people 2 hack into the site, that would defeat the purpose of loggin in, thanks

Reply By: planoie
Reply Date: 12/2/2003 11:38:52 AM

You would not use the same code from the login page, cause that just does the login, doesn't it?
Once you have the user logged in you need to secure your other pages. There's no point in having a login if the other pages aren't secured. So you need to check to see that a user is logged in. If this status is being stored in a cookie, then you will need to have every single page that you need secured to check that cookie to see if there is a user currently logged in. If they aren't, then you redirect them back to the login page.
Generally this is easiest done by creating another function/sub that does the checking. Put this function on an include file that all the secure pages include, and have the page call the function. Or you could just put the code right into the include file without it being in a function and simply include that file in the secure pages. This way, the code will automatically run when the page runs.
Peter ------------------------------------------------------ Work smarter, not harder.

Reply By: daddycool2k
Reply Date: 12/3/2003 8:13:22 PM

i know u said it ws this checkLogin() - Checks Session("username") for a value. if there's a value, assume that we've completed a login process (by cookie or login form) and can access the page. if there's NO value, we need to log in. - Redirect to the login page
but how do i check for a value
sorry

Reply By: daddycool2k
Reply Date: 12/3/2003 8:18:12 PM

If Session("username") <> "true" Then
    -stay on same page
else
    Response.Redirect("login.asp")
End If

i have that , but what is the asp code for stayin on the same page

Reply By: daddycool2k
Reply Date: 12/3/2003 8:43:57 PM

i know it is sumat like this

<%
If Session("BlnLoggedIn") <> True Then
    Response.Redirect("login.asp")
End If
%>

to password pages
so i added this line to my login.inc

If nodes.length > 0 Then
    'User found!
    Session("BlnLoggedIn") = True
    Response.Cookies("username") = sUsername

but if i am either logged in or out it always redirects me, i cant see anything wrong with the code

Reply By: planoie
Reply Date: 12/4/2003 9:45:56 AM

If you don't redirect then you stay on the page.
I think your test is failing because the session object returns strings:
Session("BlnLoggedIn") returns "True"
"True" (string) does NOT equal True (boolean).
You either need to test for "True" (instead of True) or convert the value from session to a boolean:
If CBool(Session("BlnLoggedIn")) <> True Then ...
I'd recommend the boolean conversion.
And a cleaner way to do that test would be this:
If Not CBool(Session("BlnLoggedIn")) Then ...
A little less code, and it even reads easier: "If Not LoggedIn Then..."
Peter ------------------------------------------------------ Work smarter, not harder.