ASP and sessions

Hello ALL,

I am wondering if someone can help me out regarding ASP pages using sessions and my MS SQL 2000 for my login record. If a user visits a page in my site that is part of the set of screens that appear after the login is accepted- I want to avoid unauthrorized users from visiting those pages if they don't have a session with their logon. If they don't have a session, they get re-directed to my home page.. I NEED security!
Some smart users or hackers can type the URL directly and I need them to stay out- get bumped!


Thanks.

Simply use response.redirect to redirect users that don't have the "logged in" session variable.

When a user logs in after authenticating by supplying a username and password stored in the database, set a session variable that holds a value. For example, you could store thier username in a session variable called "username".

<%
...
...
If NOT rs.EOF OR NOT rs.BOF Then
'This is a valid user
Session("username") = rs.Fields.Item("username").Value
Else
'Invaild username
Response.Redirect("homepage.asp")
End If
...
...
%>

Now you have a session variable that can tell you whether or not the user is logged in, and you can check for the existence of this session on any pages that need protection.

The best way to accomplish this is to include a snippet similar to the following on every page that you would like to protect:

<%
If Session("username") = "" Then
Response.Redirect("homepage.asp")
End If
%>

You could optionally place this snippet in an include file ("inc_security.asp") and include it on any page that requires it.

plz contact me at my email i will send u
code


Brainmaster2010@hotmail.com

bye n take care