I'm currently working on a website where I have implementing a "member's

only" section.  The password and username are in the database and I have

the login working correctly but I have a major problem.  Even though I

have the login working the problem is that you really don't have to login

to be honest.  Because once you login, you can copy the url of the

redirection after loging in and go right to that page without logging in. 

So, it is more like I have a house with a front and two side walls but

nothing in the back.  How do I close that end where when a person tries to

go to that page it will secure it for me.  Any suggestions?



T.L.



--- 

FREE SOFTWARE DEVELOPMENT CODE, CONTENT, AND

INSIGHTS IN YOUR INBOX!

Get the latest and best C++, Visual C++, Java, Visual Basic, and XML tips, tools, and 

developments from the experts.  Sign up for one or more of EarthWeb?s

FREE IT newsletters at http://www.earthweb.com today!  

---

You are currently subscribed to asp_databases as: $subst('Recip.EmailAddr')

To unsubscribe send a blank email to leave-asp_databases-$subst('Recip.MemberIDChar')@p2p.wrox.com

Hi Jackson,



After a member has logged in, you have to create a token and store it in 

a session variable. And check existence of this token at the top of each 

page you want to secure. For example...



In your login handler page...



    ... code to handle login



    ' Assume user has logged in successfully, create a token and store 

it in session variable.

    Session("blnHasLoggedIn") =3D True





At the top of the page you want to secure...

   

    ' Check existence of the token

    If Not Session("blnHasLoggedIn") Then

       

        ' User has not logged in, redirect to login page

        Response.Redirect("login.asp")



    End If   



Good luck!



Michael Wong









----- Original Message -----

From: "T.L. Jackson" <actionjackson@a...>

To: "ASP Databases" <asp_databases@p...>

Sent: Saturday, December 30, 2000 9:24 AM

Subject: [asp_databases] Need some Guidence.





> I'm currently working on a website where I have implementing a 

"member's

> only" section.  The password and username are in the database and I 

have

> the login working correctly but I have a major problem.  Even though I

> have the login working the problem is that you really don't have to 

login

> to be honest.  Because once you login, you can copy the url of the

> redirection after loging in and go right to that page without logging 

in.

> So, it is more like I have a house with a front and two side walls but

> nothing in the back.  How do I close that end where when a person 

tries to

> go to that page it will secure it for me.  Any suggestions?

>

> T.L.





--- 

NEED TECHNICAL TIPS, TOOLS, AND INSIGHTS?  Is FREE okay?

Visit EarthWeb for the latest in IT Management, Software Development, 

Web Development, Networking & Communications, and Hardware & Systems.  

Click on http://www.earthweb.com for FREE articles, tutorials,

and discussions from the experts.

---

You are currently subscribed to asp_databases as: $subst('Recip.EmailAddr')

To unsubscribe send a blank email to leave-asp_databases-$subst('Recip.MemberIDChar')@p2p.wrox.com

At the top of each page, you insert a "Logged-In" check function.

if the user isn't logged in then , you redirect to another page.

Use cookies or session variables to track the user.







----- Original Message -----

From: "T.L. Jackson" <actionjackson@a...>

To: "ASP Databases" <asp_databases@p...>

Sent: Friday, December 29, 2000 8:24 PM

Subject: [asp_databases] Need some Guidence.





> I'm currently working on a website where I have implementing a "member's

> only" section.  The password and username are in the database and I have

> the login working correctly but I have a major problem.  Even though I

> have the login working the problem is that you really don't have to login

> to be honest.  Because once you login, you can copy the url of the

> redirection after loging in and go right to that page without logging in.

> So, it is more like I have a house with a front and two side walls but

> nothing in the back.  How do I close that end where when a person tries to

> go to that page it will secure it for me.  Any suggestions?

>

> T.L.





--- 

FREE SOFTWARE DEVELOPMENT CODE, CONTENT, AND

INSIGHTS IN YOUR INBOX!

Get the latest and best C++, Visual C++, Java, Visual Basic, and XML tips, tools, and 

developments from the experts.  Sign up for one or more of EarthWeb?s

FREE IT newsletters at http://www.earthweb.com today!  

---

You are currently subscribed to asp_databases as: $subst('Recip.EmailAddr')

To unsubscribe send a blank email to leave-asp_databases-$subst('Recip.MemberIDChar')@p2p.wrox.com

I have done this in the past by putting storing a cookie in the user, and

then putting something like this at the top of each page...



<%  if session.cookie("login")<>"success" then

response.redirect("notloggid.asp") %>



If the user has the cookie, they are allowed to see the page. If you copy

the URL, you wouldn't have the cookie, and then couldn't load the page.



-Brad





> From: "T.L. Jackson" <actionjackson@a...>

> Reply-To: "ASP Databases" <asp_databases@p...>

> Date: Sat, 30 Dec 2000 01:24:45 -0000

> To: "ASP Databases" <asp_databases@p...>

> Subject: [asp_databases] Need some Guidence.

> 

> I'm currently working on a website where I have implementing a "member's

> only" section.  The password and username are in the database and I have

> the login working correctly but I have a major problem.  Even though I

> have the login working the problem is that you really don't have to login

> to be honest.  Because once you login, you can copy the url of the

> redirection after loging in and go right to that page without logging in.

> So, it is more like I have a house with a front and two side walls but

> nothing in the back.  How do I close that end where when a person tries to

> go to that page it will secure it for me.  Any suggestions?

> 

> T.L.





---

FREE WEB DEVELOPMENT CODE, CONTENT, AND INSIGHTS

IN YOUR INBOX!

Get the latest and best HTML, XML, and JavaScript tips, tools, and 

developments from the experts.  Sign up for one or more of EarthWeb's

FREE IT newsletters at http://www.earthweb.com today!  

---

You are currently subscribed to asp_databases as: $subst('Recip.EmailAddr')

To unsubscribe send a blank email to leave-asp_databases-$subst('Recip.MemberIDChar')@p2p.wrox.com

All pages on your site should check to see if the session variable is set;

indicating a successful log in has occurred.  If the visitor lands on any

page, but has not created this session variable, then send them to the logon

screen....

Also you can use the global ASA to to invoke code on session start up, but

this is probably not good enough either.

Do the first mentioned solution.



----- Original Message -----

From: "T.L. Jackson" <actionjackson@a...>

To: "ASP Databases" <asp_databases@p...>

Sent: Friday, December 29, 2000 5:24 PM

Subject: [asp_databases] Need some Guidence.





> I'm currently working on a website where I have implementing a "member's

> only" section.  The password and username are in the database and I have

> the login working correctly but I have a major problem.  Even though I

> have the login working the problem is that you really don't have to login

> to be honest.  Because once you login, you can copy the url of the

> redirection after loging in and go right to that page without logging in.

> So, it is more like I have a house with a front and two side walls but

> nothing in the back.  How do I close that end where when a person tries to

> go to that page it will secure it for me.  Any suggestions?

>

> T.L.





--- 

NEED TECHNICAL TIPS, TOOLS, AND INSIGHTS?  Is FREE okay?

Visit EarthWeb for the latest in IT Management, Software Development, 

Web Development, Networking & Communications, and Hardware & Systems.  

Click on http://www.earthweb.com for FREE articles, tutorials,

and discussions from the experts.

---

You are currently subscribed to asp_databases as: $subst('Recip.EmailAddr')

To unsubscribe send a blank email to leave-asp_databases-$subst('Recip.MemberIDChar')@p2p.wrox.com