I need to create a password protected directory on a web site. Am concerned

that some users may have disabled cookies. I believe that if this is the

case sessions cannot be used because they send cookies. I haven't figured

out a way to do this without my code being visible.



Can someone point me in the right direction?



***************************************************************************

This e-mail and any files transmitted with it are confidential and intended

solely for the use of the individual or entity to whom they are addressed

If you have received this e-mail in error please notify

seafish@s...



If the content is not about the business of the Sea Fish Industry Authority

or the sea fish industry then the message is neither from nor sanctioned

by the Sea Fish Industry Authority.

Set up a form requiring a password and do the testing for the password

using server side side code embedded  ...I use this for my application.

User does a view source but does not see the <% %> code.



-----Original Message-----

From: Jean Halstad [mailto:J_Halstad@S...]

Sent: Wednesday, January 30, 2002 4:56 AM

To: ASP Web HowTo

Subject: [asp_web_howto] Passwords





I need to create a password protected directory on a web site. Am

concerned that some users may have disabled cookies. I believe that if

this is the case sessions cannot be used because they send cookies. I

haven't figured out a way to do this without my code being visible.



Can someone point me in the right direction?



************************************************************************

***

This e-mail and any files transmitted with it are confidential and

intended solely for the use of the individual or entity to whom they are

addressed If you have received this e-mail in error please notify

seafish@s...



If the content is not about the business of the Sea Fish Industry

Authority or the sea fish industry then the message is neither from nor

sanctioned by the Sea Fish Industry Authority.






$subst('Email.Unsub').

You need some kind of state management system - one popular way is using

cookies (or sessions that use cookies)



Another possible way would be to use what is already available via HTTP, eg

Basic or (if using IE), WinNT Integrated Authentication, where the browser

maintains the user's logon credentials and the user is authenticated on a

page-by-page basis.



Another option would be to maintain a database of active sessions, and pass

the session key (some kind of GUID) around in the URL.



Whatever you do, you're going to need somekind of state management system. I

suggest you look at what your design specifications call for in terms of

minimum browser support, then work from that.



Cheers

Ken



~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From: "Jean Halstad" <J_Halstad@S...>

Subject: [asp_web_howto] Passwords





: I need to create a password protected directory on a web site. Am

concerned

: that some users may have disabled cookies. I believe that if this is the

: case sessions cannot be used because they send cookies. I haven't figured

: out a way to do this without my code being visible.

:

: Can someone point me in the right direction?



~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Hi Jean,



I did an article on a very simple way to password protect a directory in ASP

3.0 at:  http://www.kuam.com/techtalk/passwordprotection.htm



HTH,

Jason



---------------------------------------------------

Jason Salas, MBA, MCP

Web Development Manager

President, .NET User Group of Guam

Pacific Telestations, Inc. (dba, "KUAM")

Phone:  (xxx) xxx-xxxx

Mailto: jason@k...

URL: http://www.kuam.com





----- Original Message -----

From: "Jean Halstad" <J_Halstad@S...>

To: "ASP Web HowTo" <asp_web_howto@p...>

Sent: Wednesday, January 30, 2002 7:56 PM

Subject: [asp_web_howto] Passwords





> I need to create a password protected directory on a web site. Am

concerned

> that some users may have disabled cookies. I believe that if this is the

> case sessions cannot be used because they send cookies. I haven't figured

> out a way to do this without my code being visible.

>

> Can someone point me in the right direction?

>

>

***************************************************************************

> This e-mail and any files transmitted with it are confidential and

intended

> solely for the use of the individual or entity to whom they are addressed

> If you have received this e-mail in error please notify

> seafish@s...

>

> If the content is not about the business of the Sea Fish Industry

Authority

> or the sea fish industry then the message is neither from nor sanctioned

> by the Sea Fish Industry Authority.

>




$subst('Email.Unsub').

>

Sorry, Ron, I didn't explain myself properly. I need to carry over the

information that the user has logged on from page to page. On each page I

have done this to check if the user is logged on:



loggedOn = Request.querystring("loggedOn")

if loggedOn <> "yes" then 

	response.redirect "../logon.htm"

end if



And this to carry forward the logged on information to the next page.



<a href="article1.asp?loggedOn=yes">



Of course all this is visible to the user. That's my problem. Sorry to mess

you about.



Set up a form requiring a password and do the testing for the password

using server side side code embedded  ...I use this for my application.

User does a view source but does not see the <% %> code.



-----Original Message-----

From: Jean Halstad [mailto:J_Halstad@S...] 

Sent: Wednesday, January 30, 2002 4:56 AM

To: ASP Web HowTo

Subject: [asp_web_howto] Passwords





I need to create a password protected directory on a web site. Am

concerned that some users may have disabled cookies. I believe that if

this is the case sessions cannot be used because they send cookies. I

haven't figured out a way to do this without my code being visible.



Can someone point me in the right direction?





***************************************************************************

This e-mail and any files transmitted with it are confidential and intended

solely for the use of the individual or entity to whom they are addressed

If you have received this e-mail in error please notify

seafish@s...



If the content is not about the business of the Sea Fish Industry Authority

or the sea fish industry then the message is neither from nor sanctioned

by the Sea Fish Industry Authority.

Since Session Variables need cookies enabled, there really is only 3

ways that I can see you doing this by not using session variables.

1.  Use the querystring as you have indicated.

2.  Use a Database with the userid/password and have a new column for

activity.

3.  Use a form the user does not see and just pass "loggedOn=3Dyes" with 

a

request.form to each asp. 

Either one of the choices makes for a pain.  If you choose 2 or 3, you

may want to think of using an include to save redundant code (also makes

it easier to change in the future).



-----Original Message-----

From: Jean Halstad [mailto:J_Halstad@S...]

Sent: Thursday, January 31, 2002 6:42 AM

To: ASP Web HowTo

Subject: [asp_web_howto] re: passwords





Sorry, Ron, I didn't explain myself properly. I need to carry over the

information that the user has logged on from page to page. On each page

I have done this to check if the user is logged on:



loggedOn =3D Request.querystring("loggedOn")

if loggedOn <> "yes" then

	response.redirect "../logon.htm"

end if



And this to carry forward the logged on information to the next page.



<a href=3D"article1.asp?loggedOn=3Dyes">



Of course all this is visible to the user. That's my problem. Sorry to

mess you about.



Set up a form requiring a password and do the testing for the password

using server side side code embedded  ...I use this for my application.

User does a view source but does not see the <% %> code.



-----Original Message-----

From: Jean Halstad [mailto:J_Halstad@S...]

Sent: Wednesday, January 30, 2002 4:56 AM

To: ASP Web HowTo

Subject: [asp_web_howto] Passwords





I need to create a password protected directory on a web site. Am

concerned that some users may have disabled cookies. I believe that if

this is the case sessions cannot be used because they send cookies. I

haven't figured out a way to do this without my code being visible.



Can someone point me in the right direction?





************************************************************************

***

This e-mail and any files transmitted with it are confidential and

intended solely for the use of the individual or entity to whom they are

addressed If you have received this e-mail in error please notify

seafish@s...



If the content is not about the business of the Sea Fish Industry

Authority or the sea fish industry then the message is neither from nor

sanctioned by the Sea Fish Industry Authority.






$subst('Email.Unsub').