hello  all!

and welcome back ken,very happy to see you again.

I want to ask that I am making  a secure site where

through session variable I am using my variables and

other things

but what if the  user doesnt allow sessions???

how could I pass values and variables in absense of

sessions.page by page

I wil be grateful if you give an example of it

many thanx in advance

take care 

regards 

nusrat



--- Ken Schaefer <ken@a...> wrote:

> You need some kind of state management system - one

> popular way is using

> cookies (or sessions that use cookies)

> 

> Another possible way would be to use what is already

> available via HTTP, eg

> Basic or (if using IE), WinNT Integrated

> Authentication, where the browser

> maintains the user's logon credentials and the user

> is authenticated on a

> page-by-page basis.

> 

> Another option would be to maintain a database of

> active sessions, and pass

> the session key (some kind of GUID) around in the

> URL.

> 

> Whatever you do, you're going to need somekind of

> state management system. I

> suggest you look at what your design specifications

> call for in terms of

> minimum browser support, then work from that.

> 

> Cheers

> Ken

> 

> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

> From: "Jean Halstad" <J_Halstad@S...>

> Subject: [asp_web_howto] Passwords

> 

> 

> : I need to create a password protected directory on

> a web site. Am

> concerned

> : that some users may have disabled cookies. I

> believe that if this is the

> : case sessions cannot be used because they send

> cookies. I haven't figured

> : out a way to do this without my code being

> visible.

> :

> : Can someone point me in the right direction?

> 

> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

> 

> 





$subst('Email.Unsub').





__________________________________________________

Do You Yahoo!?

Great stuff seeking new owners in Yahoo! Auctions! 

http://auctions.yahoo.com

If cookies are enabled..

<%

dim myVal

myVal = "HI!"

Response.Cookies("MyVal") = myVal

%>

can be fetched

by 

<%

dim myVal

myVal = Request.Cookies("MyVal")

%>

-----Original Message-----

From: nusrat sarwar [mailto:nusratsarwar@y...]

Sent: Thursday, January 31, 2002 5:33 AM

To: ASP Web HowTo

Subject: [asp_web_howto] without sessions





hello  all!

and welcome back ken,very happy to see you again.

I want to ask that I am making  a secure site where

through session variable I am using my variables and

other things

but what if the  user doesnt allow sessions???

how could I pass values and variables in absense of

sessions.page by page

I wil be grateful if you give an example of it

many thanx in advance

take care 

regards 

nusrat



--- Ken Schaefer <ken@a...> wrote:

> You need some kind of state management system - one

> popular way is using

> cookies (or sessions that use cookies)

> 

> Another possible way would be to use what is already

> available via HTTP, eg

> Basic or (if using IE), WinNT Integrated

> Authentication, where the browser

> maintains the user's logon credentials and the user

> is authenticated on a

> page-by-page basis.

> 

> Another option would be to maintain a database of

> active sessions, and pass

> the session key (some kind of GUID) around in the

> URL.

> 

> Whatever you do, you're going to need somekind of

> state management system. I

> suggest you look at what your design specifications

> call for in terms of

> minimum browser support, then work from that.

> 

> Cheers

> Ken

> 

> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

> From: "Jean Halstad" <J_Halstad@S...>

> Subject: [asp_web_howto] Passwords

> 

> 

> : I need to create a password protected directory on

> a web site. Am

> concerned

> : that some users may have disabled cookies. I

> believe that if this is the

> : case sessions cannot be used because they send

> cookies. I haven't figured

> : out a way to do this without my code being

> visible.

> :

> : Can someone point me in the right direction?

> 

> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

> 

> 





$subst('Email.Unsub').





__________________________________________________

Do You Yahoo!?

Great stuff seeking new owners in Yahoo! Auctions! 

http://auctions.yahoo.com






$subst('Email.Unsub').

And if cookies are disabled you have to use a database and keep state

yourself. I like this method the best, the application then doesn't depend

on system values, you control ending sessions...



A secure framework can be created this way, but, you must have each page

post form values with the session ID to each other page.



tom mallard

seattle

-----Original Message-----

From: O'Hara, Elliott M [mailto:EMOHARA@k...]

Sent: Thursday, January 31, 2002 5:20 AM

To: ASP Web HowTo

Subject: [asp_web_howto] RE: without sessions





If cookies are enabled..

<%

dim myVal

myVal = "HI!"

Response.Cookies("MyVal") = myVal

%>

can be fetched

by

<%

dim myVal

myVal = Request.Cookies("MyVal")

%>

-----Original Message-----

From: nusrat sarwar [mailto:nusratsarwar@y...]

Sent: Thursday, January 31, 2002 5:33 AM

To: ASP Web HowTo

Subject: [asp_web_howto] without sessions





hello  all!

and welcome back ken,very happy to see you again.

I want to ask that I am making  a secure site where

through session variable I am using my variables and

other things

but what if the  user doesnt allow sessions???

how could I pass values and variables in absense of

sessions.page by page

I wil be grateful if you give an example of it

many thanx in advance

take care

regards

nusrat



--- Ken Schaefer <ken@a...> wrote:

> You need some kind of state management system - one

> popular way is using

> cookies (or sessions that use cookies)

>

> Another possible way would be to use what is already

> available via HTTP, eg

> Basic or (if using IE), WinNT Integrated

> Authentication, where the browser

> maintains the user's logon credentials and the user

> is authenticated on a

> page-by-page basis.

>

> Another option would be to maintain a database of

> active sessions, and pass

> the session key (some kind of GUID) around in the

> URL.

>

> Whatever you do, you're going to need somekind of

> state management system. I

> suggest you look at what your design specifications

> call for in terms of

> minimum browser support, then work from that.

>

> Cheers

> Ken

>

> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

> From: "Jean Halstad" <J_Halstad@S...>

> Subject: [asp_web_howto] Passwords

>

>

> : I need to create a password protected directory on

> a web site. Am

> concerned

> : that some users may have disabled cookies. I

> believe that if this is the

> : case sessions cannot be used because they send

> cookies. I haven't figured

> : out a way to do this without my code being

> visible.

> :

> : Can someone point me in the right direction?

>

> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

>

>





$subst('Email.Unsub').





__________________________________________________

Do You Yahoo!?

Great stuff seeking new owners in Yahoo! Auctions!

http://auctions.yahoo.com






$subst('Email.Unsub').






$subst('Email.Unsub').

Hi 

many thanx O,Hara and Tom

but Tom please (as i am thick at it)

can you show me how to write/ do it.

please!!

many thanx in advance

take care

regards

nusrat



--- TomMallard <mallard@s...> wrote:

> And if cookies are disabled you have to use a

> database and keep state

> yourself. I like this method the best, the

> application then doesn't depend

> on system values, you control ending sessions...

> 

> A secure framework can be created this way, but, you

> must have each page

> post form values with the session ID to each other

> page.

> 

> tom mallard

> seattle

> -----Original Message-----

> From: O'Hara, Elliott M

> [mailto:EMOHARA@k...]

> Sent: Thursday, January 31, 2002 5:20 AM

> To: ASP Web HowTo

> Subject: [asp_web_howto] RE: without sessions

> 

> 

> If cookies are enabled..

> <%

> dim myVal

> myVal = "HI!"

> Response.Cookies("MyVal") = myVal

> %>

> can be fetched

> by

> <%

> dim myVal

> myVal = Request.Cookies("MyVal")

> %>

> -----Original Message-----

> From: nusrat sarwar [mailto:nusratsarwar@y...]

> Sent: Thursday, January 31, 2002 5:33 AM

> To: ASP Web HowTo

> Subject: [asp_web_howto] without sessions

> 

> 

> hello  all!

> and welcome back ken,very happy to see you again.

> I want to ask that I am making  a secure site where

> through session variable I am using my variables and

> other things

> but what if the  user doesnt allow sessions???

> how could I pass values and variables in absense of

> sessions.page by page

> I wil be grateful if you give an example of it

> many thanx in advance

> take care

> regards

> nusrat

> 

> --- Ken Schaefer <ken@a...> wrote:

> > You need some kind of state management system -

> one

> > popular way is using

> > cookies (or sessions that use cookies)

> >

> > Another possible way would be to use what is

> already

> > available via HTTP, eg

> > Basic or (if using IE), WinNT Integrated

> > Authentication, where the browser

> > maintains the user's logon credentials and the

> user

> > is authenticated on a

> > page-by-page basis.

> >

> > Another option would be to maintain a database of

> > active sessions, and pass

> > the session key (some kind of GUID) around in the

> > URL.

> >

> > Whatever you do, you're going to need somekind of

> > state management system. I

> > suggest you look at what your design

> specifications

> > call for in terms of

> > minimum browser support, then work from that.

> >

> > Cheers

> > Ken

> >

> > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

> > From: "Jean Halstad" <J_Halstad@S...>

> > Subject: [asp_web_howto] Passwords

> >

> >

> > : I need to create a password protected directory

> on

> > a web site. Am

> > concerned

> > : that some users may have disabled cookies. I

> > believe that if this is the

> > : case sessions cannot be used because they send

> > cookies. I haven't figured

> > : out a way to do this without my code being

> > visible.

> > :

> > : Can someone point me in the right direction?

> >

> > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

> >

> >





> $subst('Email.Unsub').

> 

> 

> __________________________________________________

> Do You Yahoo!?

> Great stuff seeking new owners in Yahoo! Auctions!

> http://auctions.yahoo.com

> 





> $subst('Email.Unsub').

> 





> $subst('Email.Unsub').

> 

> 





$subst('Email.Unsub').





__________________________________________________

Do You Yahoo!?

Great stuff seeking new owners in Yahoo! Auctions! 

http://auctions.yahoo.com

Current users table has: ID, username, PID, SID, UID, group, expires,

lastSession



When a user first hits, there's no session ID so I create one, along with a

UID. These are two functions which create strings which can't be duplicated,

kinda' like GUIDs but they aren't GUIDs. They are based on randomizing but

also on the integer and mantissa of a function of Timer which returns two

booleans.



Anyway, the SID is used on each page, you won't need the UID for most app's.

The group is to carry permissions in the current users table. There's a user

table which has customer info and is used to validate the entries.



Most of the app's I write to use frames and return to the mainframe

default.asp for every hit, checking SID every time. It takes 3-4 pages of

code for this on the back end...



tom

-----Original Message-----

From: nusrat sarwar [mailto:nusratsarwar@y...]

Sent: Thursday, January 31, 2002 7:20 AM

To: ASP Web HowTo

Subject: [asp_web_howto] RE: without sessions





Hi

many thanx O,Hara and Tom

but Tom please (as i am thick at it)

can you show me how to write/ do it.

please!!

many thanx in advance

take care

regards

nusrat



--- TomMallard <mallard@s...> wrote:

> And if cookies are disabled you have to use a

> database and keep state

> yourself. I like this method the best, the

> application then doesn't depend

> on system values, you control ending sessions...

>

> A secure framework can be created this way, but, you

> must have each page

> post form values with the session ID to each other

> page.

>

> tom mallard

> seattle

> -----Original Message-----

> From: O'Hara, Elliott M

> [mailto:EMOHARA@k...]

> Sent: Thursday, January 31, 2002 5:20 AM

> To: ASP Web HowTo

> Subject: [asp_web_howto] RE: without sessions

>

>

> If cookies are enabled..

> <%

> dim myVal

> myVal = "HI!"

> Response.Cookies("MyVal") = myVal

> %>

> can be fetched

> by

> <%

> dim myVal

> myVal = Request.Cookies("MyVal")

> %>

> -----Original Message-----

> From: nusrat sarwar [mailto:nusratsarwar@y...]

> Sent: Thursday, January 31, 2002 5:33 AM

> To: ASP Web HowTo

> Subject: [asp_web_howto] without sessions

>

>

> hello  all!

> and welcome back ken,very happy to see you again.

> I want to ask that I am making  a secure site where

> through session variable I am using my variables and

> other things

> but what if the  user doesnt allow sessions???

> how could I pass values and variables in absense of

> sessions.page by page

> I wil be grateful if you give an example of it

> many thanx in advance

> take care

> regards

> nusrat

>

> --- Ken Schaefer <ken@a...> wrote:

> > You need some kind of state management system -

> one

> > popular way is using

> > cookies (or sessions that use cookies)

> >

> > Another possible way would be to use what is

> already

> > available via HTTP, eg

> > Basic or (if using IE), WinNT Integrated

> > Authentication, where the browser

> > maintains the user's logon credentials and the

> user

> > is authenticated on a

> > page-by-page basis.

> >

> > Another option would be to maintain a database of

> > active sessions, and pass

> > the session key (some kind of GUID) around in the

> > URL.

> >

> > Whatever you do, you're going to need somekind of

> > state management system. I

> > suggest you look at what your design

> specifications

> > call for in terms of

> > minimum browser support, then work from that.

> >

> > Cheers

> > Ken

> >

> > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

> > From: "Jean Halstad" <J_Halstad@S...>

> > Subject: [asp_web_howto] Passwords

> >

> >

> > : I need to create a password protected directory

> on

> > a web site. Am

> > concerned

> > : that some users may have disabled cookies. I

> > believe that if this is the

> > : case sessions cannot be used because they send

> > cookies. I haven't figured

> > : out a way to do this without my code being

> > visible.

> > :

> > : Can someone point me in the right direction?

> >

> > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

> >

> >





> $subst('Email.Unsub').

>

>

> __________________________________________________

> Do You Yahoo!?

> Great stuff seeking new owners in Yahoo! Auctions!

> http://auctions.yahoo.com

>





> $subst('Email.Unsub').

>





> $subst('Email.Unsub').

>

>





$subst('Email.Unsub').





__________________________________________________

Do You Yahoo!?

Great stuff seeking new owners in Yahoo! Auctions!

http://auctions.yahoo.com






$subst('Email.Unsub').