Initiating a Session for a Remote Shopper

rmcmillian · December 11th, 2004, 12:52 PM

On a website running on IIS 4.0 and Windows NT 4.0, I'm working to enable it for remote shopping and need to initiate a session on the site for a remote user and to log that remote user onto the site using that session.
How do I do this? I'm thinking I can send an http request to site and capture the SessionID generated and send SessionID back in the request to log the user on. If this is not the correct forum, what is a good forum to post this question?

mat41 · December 11th, 2004, 06:11 PM

;;;initiate a session on the site for a remote user and to log that remote user onto the site using that session

BTW: Any values held in the session object expire after the session has finished, every new visit is a new session.

If its a shopping site, your users would feel more secure logging in using a username/password authenticating against values in a DB from an initial sign up, have I understood your post correctly?

;;;what is a good forum to post this question?
This would be the correct forum

Wind is your friend
Matt

rmcmillian · December 13th, 2004, 11:03 AM

Matt, are you confirming my approach? If so, how do you initiate a session, capture that session's ID and pass this session ID in subsequent call logging the user on?

mat41 · December 13th, 2004, 06:15 PM

;;;Matt, are you confirming my approach?
No, not exactly. My suggstion would be as it was above:

If its a shopping site, your users would feel more secure logging in using a username/password authenticating against values in a DB from an initial sign up. Use session varibales sparingly to carry values 'once logged in' from page to page. An example:

1..User visits your site and registers by entering a user name and password and any other info you ask for(this logs them on)
2..Once logged on I would carry a userlevel and or a user ID (the unique field representing them in the user table) from page to page in a session variable Eg;Run sql to get records then:
session("uId") = recordSetName("id")
session("uLevel) = recorSetName("ul")
3..Now on any given page you may query the DB for any information regarding this user on thier session("uId") and show information relating to thier session("uLevel) (an integer EG; 0 = admin, 1 = general, 2 = readonly...)

In addition, as mentioned above. Any values held in the session object expire after the session has finished, every new visit is a new session. You can not identify a user based on a previous session or the variabled it contained unless they were inserted into the data base or you created a cookie on the clients machine (cookies not ideal)

Wind is your friend
Matt