Hello,

I'm not quiet new though not very expirienced to ASP.
I have an website where there could be two types of users.
Dealers and Consumer. Consumers can view the site without having to log in, Dealers have to log in. Consumers on the other hand shouldnt be able to see some information in certain pages which the Dealers should see. What is the best solution to accomplish this without doubling the code?

I thought to put the "user role"" in an session variable, but is that steady enough trough the whole site?

I hope someone can give me some advice.

Thank you in advance!!

Regards,

Peter

Session variable, for sure.

I'd just use the dealer's login name as the "credential". The lack of such a session variable indicates the user is not a dealer. Simple as that.

<%
... check login credentials ...
If LoginOkay Then
    Session("Login") = DealerName
    ...
%>

And then, on each page where login is required:

<%
If Trim("" & Session("LogIn")) = "" Then Server.Transfer "login.asp"
%>

Or similar.

Old Pedant,

Quick question about the line -
Firstly my draconian version would have been -
what is the advantage of using
Secondly what is your reason for using Server.Transfer instead of response.redirect?

Most of my coding is a mix of finger in air and example based learning so apologies for not understanding what i am sure is obvious.


Cheers


Aspless

If a session variable is not defined, then it is EMPTY.

That is,
    Response.Write TypeName(Session("asdfasdfasdf"))
will produce "Empty" for output.

And I'm paranoid. Too many times, I've used Empty values where a string value is needed and gotten type mismatch errors.

But I *know* that doing
    "" & EmptyValue
will produce
    ""
as a result. (String concatenation of empty or null does not change the appended-to string).

But you are right, for comparison vs. "", your code is just fine.

Just too much paranoia on my part.

**********

Response.Redirect works by sending an HTTP message back to the browser telling it that the desired URL has "temporarily moved" (301 or 302 error...I always forget which is which). Further, you can't use Response.Redirect if *anything* has already been sent to the browser. So, for example, if you have boilerplate code at the top of the page that sends out content type and what not, you really should do a Response.Clear before the Response.Redirect (but IIS 5 and above handle this for you).

Server.Transfer is done 100% on the server. The browser is completely unaware that the transfer has occurred. So the URL is still the original one, so far as the browser is concerned.

Which is better? Depends entirely on what you are doing.

Oh...one minor advantage: You can put values into session variables and then do a Server.Transfer and the values will be available in the transferred-to page. EVEN IF THE USER HAS COOKIES TURNED OFF! That's because the two pages share the same HTTP Request and so share the same sessionid, which won't be true if cookies are turned off and you do a Response.Redirect.

So... No definitive answer. You get to pick and choose.

Thanks Old Pedant.

I see your point re - the empty output .. Good to know.

Also thanks for explaining the server.transfer function.

Cheers

A slightly more informed Aspless