Wrox Programmer Forums

Need to download code?

View our list of code downloads.

| FAQ | Members List | Calendar | Search | Today's Posts | Mark Forums Read
Classic ASP Basics For beginner programmers starting with "classic" ASP 3, pre-".NET." NOT for ASP.NET 1.0, 1.1, or 2.0
Welcome to the p2p.wrox.com Forums.

You are currently viewing the Classic ASP Basics section of the Wrox Programmer to Programmer discussions. This is a community of tens of thousands of software programmers and website developers including Wrox book authors and readers. As a guest, you can read any forum posting. By joining today you can post your own programming questions, respond to other developers’ questions, and eliminate the ads that are displayed to guests. Registration is fast, simple and absolutely free .
DRM-free e-books 300x50
Reply
 
Thread Tools Search this Thread Display Modes
  #1 (permalink)  
Old November 11th, 2003, 01:44 PM
Authorized User
 
Join Date: Jun 2003
Location: , , .
Posts: 10
Thanks: 0
Thanked 1 Time in 1 Post
Default Session

Hi,

I have a human resource web base application in ASP. The application is used for tracking employees' vacation and sick leave accrual or taken time. Only our human resource personnel is authorized to use this application. Now, I want to let each employee to view only his/her own vacation/sick leave time. Does anyone know what are the steps I need to do to get this works. I have heard of using session. How do I pass each employee ID to all the page if using session?

Thanks,

Quinn
Reply With Quote
  #2 (permalink)  
Old November 11th, 2003, 01:56 PM
planoie's Avatar
Friend of Wrox
Points: 16,481, Level: 55
Points: 16,481, Level: 55 Points: 16,481, Level: 55 Points: 16,481, Level: 55
Activity: 0%
Activity: 0% Activity: 0% Activity: 0%
 
Join Date: Aug 2003
Location: Clifton Park, New York, USA.
Posts: 5,407
Thanks: 0
Thanked 16 Times in 16 Posts
Default

You'll need to create a login system so each user could login to access their data. You could then also provide the ability for to set access levels to users so the HR people can access all users. For the login system you can maintain the state of who the user is in the session object. Then you use that value to query the database to access that user's data. For the HR people, you can provide a page to view a list of users, then potentially use the same page to view individual users data as the users themselves use. You just need to check the logged in user's access level for the operations you need to allow or dissallow. You'll have to check the user access level at the start of each page in order to check that the logged in user is allowed to access the page (for example, the "userList" page, only HR authorized users can see that). If the page fails access check, you can kick them out to a default page.

Sorry for such a vague answer. It's hard to answer without more specific questions. :)

Peter
------------------------------------------------------
Work smarter, not harder.
Reply With Quote
  #3 (permalink)  
Old November 11th, 2003, 05:09 PM
Authorized User
 
Join Date: Jun 2003
Location: , , .
Posts: 10
Thanks: 0
Thanked 1 Time in 1 Post
Default

Peter,

Would you specify what exact steps to approach the solution. To be more detail, my question is how can I pass the user login password to each page so that only the login user data is displayed not to mention there is an employee id in the Employee table. For example, after a user logins the system, only his/her data is populated from the database in a dropdown box so that he/she can view his/her own data only not any body else. Like online banking system, only an authorized person can have access to his/her account.

Thanks,

Q
Reply With Quote
  #4 (permalink)  
Old November 11th, 2003, 05:43 PM
Friend of Wrox
 
Join Date: Oct 2003
Location: Cairo, , Egypt.
Posts: 336
Thanks: 0
Thanked 0 Times in 0 Posts
Send a message via MSN to alyeng2000
Default

extension to planoie view
i see to attach the session variable (you made after logged from login page) to each query,procedure sent to the database you use, then the user will see only the data belongs to him.

Ahmed Ali
Software Developer
Reply With Quote
  #5 (permalink)  
Old November 12th, 2003, 03:07 AM
Authorized User
 
Join Date: Jul 2003
Location: Athens, , Greece.
Posts: 50
Thanks: 0
Thanked 0 Times in 0 Posts
Default

The data of a Session variable are available to every page in your site..If you define a Session variable in the Global.asa file of your site you can change or retrieve its data, whenever you want..I send some code below on how Session variables are defined in the global.asa file..The other thing is the personalization..An example for this would be a query to the database for a particular user. It will look like this:
Code:
strSQL="SELECT * FROM (your table) WHERE PWD='" & Session("usrPwd") &"'"
.. This way you retrieve the data that concern the current user, because its user gets its own Session variable..Now in order to assign a value, when you check the password, if its correct, do this:
Session("usrPwd")= (users Password)

And here is some more code:

'Global.asa
Code:
<SCRIPT RUNAT=SERVER LANGUAGE=VBSCRIPT>
    SUB SESSION_ONSTART
        'Set Con2 = Server.createobject("ADODB.Connection")
        Maindb.connectionstring = "DSN=icom;pwd=hr;uid=hr"
        Maindb.Open
        Session("TmpKod_Ypal")=""
        Session("TmpEpon_ypal")=""
        Session("TmpOnom_ypal")=""
        Session("Mail_ypal")=""
        Session("Pwd_ypal")=""
    END SUB

    SUB SESSION_ONEND
        'Set Con2 = Server.createobject("ADODB.Connection")        
        Maindb.Close
        Session("TmpKod_Ypal")=""
        Session("TmpEpon_ypal")=""
        Session("TmpOnom_ypal")=""
        Session("Pwd_ypal")=""
        Session("Mail_ypal")=""

    END SUB
</SCRIPT>
I guess its a small story but hope it helps :)

Kostas Lagos

Reply With Quote
  #6 (permalink)  
Old November 12th, 2003, 01:09 PM
planoie's Avatar
Friend of Wrox
Points: 16,481, Level: 55
Points: 16,481, Level: 55 Points: 16,481, Level: 55 Points: 16,481, Level: 55
Activity: 0%
Activity: 0% Activity: 0% Activity: 0%
 
Join Date: Aug 2003
Location: Clifton Park, New York, USA.
Posts: 5,407
Thanks: 0
Thanked 16 Times in 16 Posts
Default

If I may stand on my soapbox for a moment and add a couple points to kosla78's post:
  • You don't have to define session entries in the global to use them. You can set and call them from anywhere without having set them to an empty string in the global. They will simply return empty if they don't exist yet.
  • I wouldn't recommend selecting a row from SQL on only the password field. What happens if two people had the same password? Unless the password field has a unique constraint on it (which it really shouldn't) you could have problems. Better to select on both the userid/username and password so all you need to do is check that a row was returned.
  • I highly dissuade storing database connections, or any object in the session object in ASP. Among other reasons, the SESSION_ONEND global handler is not reliable. Also you will end up with a connection object for every session that's started up (and possibly not have them destroyed due the previous point. Rule of thumb is "open late, close early". Open the database connection as late as you can before you actually use it, and close it as soon as you are done. Otherwise you'll have lots of wasted resources.
  • It's not necessary to re-set the session values to empty strings on the SESSION_ONEND event (even if it DID work :)). When ASP expires the session, all session entries for that session will disappear.

Peter
------------------------------------------------------
Work smarter, not harder.
Reply With Quote
  #7 (permalink)  
Old November 17th, 2003, 02:52 AM
Authorized User
 
Join Date: Jul 2003
Location: Athens, , Greece.
Posts: 50
Thanks: 0
Thanked 0 Times in 0 Posts
Default

OK.., it seems like i have to put some things in place..

a)I didn't say that Session variables are ONLY defined in global.asa. I just use them that way, that was only an example

b)The SQL was also just an example on how to use the Session variable. Besides, I dont have duplicate passwords in my db, as i create them with some kind of keygen and they are unique.

c)I dont think that I've assigned any object to my Session variables. The connection is open from the start as i need it that way. I didnt have issues so far. I know I could have used include file but I prefer the former way.

d)Yeah, you're right about the SESSION_ON_END, that was a crap of mine and forgot o get it out :)

Cheers
Kostas Lagos

Reply With Quote
  #8 (permalink)  
Old November 17th, 2003, 11:16 AM
planoie's Avatar
Friend of Wrox
Points: 16,481, Level: 55
Points: 16,481, Level: 55 Points: 16,481, Level: 55 Points: 16,481, Level: 55
Activity: 0%
Activity: 0% Activity: 0% Activity: 0%
 
Join Date: Aug 2003
Location: Clifton Park, New York, USA.
Posts: 5,407
Thanks: 0
Thanked 16 Times in 16 Posts
Default

Kosta,

I'm curious about something... In this code:

    SUB SESSION_ONSTART
        'Set Con2 = Server.createobject("ADODB.Connection")
        Maindb.connectionstring = "DSN=icom;pwd=hr;uid=hr"
        ...
    END SUB

where is Maindb declared and where does it live? When I skimmed this code the first time, I guess I was under the impression that you were putting this in the session object but I know see that is not written there.

Peter
------------------------------------------------------
Work smarter, not harder.
Reply With Quote
  #9 (permalink)  
Old November 18th, 2003, 08:40 AM
Authorized User
 
Join Date: Jul 2003
Location: Athens, , Greece.
Posts: 50
Thanks: 0
Thanked 0 Times in 0 Posts
Default

Its declared as object in the global.asa file.The scope is Session, so if this counts as a session variable you're right. Im under the impression that this is just an initialization of the object. Here is the missing link:
Code:
<OBJECT RUNAT=Server SCOPE=Session ID=MyInfo PROGID="MSWC.MyInfo">
</OBJECT>
<OBJECT    RUNAT=SERVER SCOPE=SESSION ID=Maindb PROGID="ADODB.CONNECTION">
</OBJECT>

<SCRIPT RUNAT=SERVER LANGUAGE=VBSCRIPT>
    SUB SESSION_ONSTART
        Maindb.connectionstring = "DSN=icom;pwd=hr;uid=hr"
        Maindb.Open
        Session("TmpKod_Ypal")=""
        Session("TmpEpon_ypal")=""
        Session("TmpOnom_ypal")=""
        Session("Mail_ypal")=""
        Session("Pwd_ypal")=""
    END SUB

    </SCRIPT>
Cheers
Kostas Lagos


Reply With Quote
  #10 (permalink)  
Old November 18th, 2003, 12:42 PM
planoie's Avatar
Friend of Wrox
Points: 16,481, Level: 55
Points: 16,481, Level: 55 Points: 16,481, Level: 55 Points: 16,481, Level: 55
Activity: 0%
Activity: 0% Activity: 0% Activity: 0%
 
Join Date: Aug 2003
Location: Clifton Park, New York, USA.
Posts: 5,407
Thanks: 0
Thanked 16 Times in 16 Posts
Default

If you can access Maindb on any ASP page without the need to instantiate it (Server.CreateObject("ADODB.CONNECTION")) or to .Open() it, than it is definately living in the session. If you had to use the connection object that way, I'd recommend putting it in the application scope, because you at least then only have one open for everyone instead of 1 for each user.

A technique I have used in the past which kind of violates the rule of thumb that I go by (open late, close early) works pretty well for ASP pages because they are basically "one shot" executions (vs. a app that's sitting open on a desktop and in memory). This technique is probably more efficient because it doesn't require constant opening and closing of a DB connection for one page.

I create a helper include for DB interaction. On it is a globally declared DBConnection object. I have a couple functions to retrieve values, basically just wrappers around .Execute(). Inside of those functions, I check the object state of that global DBConn. If it's not an object yet, I instantiate it to the ADODB.Connection and open it. The I execute the query. Subsequent calls to the DB functions skip those parts and just execute the queries. Need to make sure that the page closes the connection so there's also a function to call at the end of the page to clean up the DB: close it and deallocate the object. This works well and is fast.

Peter
------------------------------------------------------
Work smarter, not harder.
Reply With Quote
Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off
Trackbacks are Off
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
session komalpriya .NET Framework 2.0 4 October 30th, 2007 09:16 AM
session lakshmi devi Classic ASP Basics 4 July 20th, 2006 04:33 AM
session and cookie problem (empty session file) msincan BOOK: Beginning PHP, Apache, MySQL Web Development ISBN: 978-0-7645-5744-6 0 February 27th, 2005 05:31 PM
session help -Dman100- Classic ASP Basics 1 November 29th, 2004 12:45 AM
About Session mani_he Beginning PHP 7 September 18th, 2004 03:47 PM



All times are GMT -4. The time now is 09:22 AM.


Powered by vBulletin®
Copyright ©2000 - 2019, Jelsoft Enterprises Ltd.
© 2013 John Wiley & Sons, Inc.