Results 1 to 4 of 4

Thread: Problems with session

  1. #1

    Thread Starter
    Frenzied Member CyberCarsten's Avatar
    Join Date
    Sep 1999
    Location
    Aalborg Ø, Denmark
    Posts
    1,544

    Problems with session

    Hi
    I have an administrative area on my website. I protect these pages using sessions. The login part works fine. I can't view the protected pages if I havent first logged it, but my logout script doesn't work. After clicking logout, I can still view protected pages...

    login.asp
    Code:
    <html>
    <title>Admin</title>
    <head>
    <meta name="Microsoft Theme" content="ripple 1011">
    </head>
    <body>
    <%
    ' Tjek om login og password er korrekte
    If Request.Form("login") = "admin" AND Request.Form("password") = "somepassword" Then
    
    ' If correct login, then true
      Session("login") = "true"
      Session.Timeout = 30
      Response.Write "<h1>You have been logged on!</h1>"
      Response.redirect("protected.asp")
    
    Else
    
    ' If incorrect login, then false
      Session("login") = "false"
      Session.Timeout = 30
      Response.Write "<h1>Access Denied!</h1><br/>"
      Response.Write"You could not be authorized to access the page you requested.<br/>"
      Response.Write"Either the credentials you supplied are wrong, or you do not have permission to access this ressource. Please contact the administrator.<br/>"
      Response.Write "<p><a href='login.html'>Back to login</a></p>"
    
    End If
    %>
    </body>
    </html>
    Protected page:
    Code:
    <%
    ' If the user is not logged on
    ' he/she is sent back to login
    
    If Session("login") <> "true" Then
      Response.Redirect "login.html"
    End If
    
    %>
    <html>
    <title>Admin area</title>
    <head>
    <meta name="Microsoft Theme" content="ripple 1011">
    </head>
    <body>
    <p align="center"><font size="5">Administrative Area</font></p>
    <hr>
    <p align="left"><b>File upload to server</b></p>
    <form method="POST" enctype="multipart/form-data" action="--WEBBOT-SELF--">
    	<!--webbot bot="FileUpload" U-File="fpweb:///_private/form_results.csv" S-Format="TEXT/CSV" S-Label-Fields="TRUE" -->
    	<p align="left"><input type="file" name="F1" size="20"></p>
    	<p align="left"><input type="submit" value="Submit" name="B1"><input type="reset" value="Reset" name="B2"></p>
    </form>
    <hr>
    <p align="left"><b><a href="vnc.htm">VNC Connection to server</a></b></p>
    <hr>
    <p align="left">&nbsp;</p>
    <p align="left"><b><a href="logout.asp">Logout</a></b></p>
    </body>
    </html>

    logout.asp
    Code:
    <html>
    
    <head>
    <meta http-equiv="Content-Type" content="text/html; charset=windows-1252">
    <title>New Page 1</title>
    </head>
    
    <body>
    <%
    
    Session("login") = "false"
    Session.Timeout = 30
    Session.Abandon
    Response.redirect("login.html")
    %>
    
    </body>
    
    </html>
    Can anyone see whats wrong??
    razor
    Software Engineer Student, Aalborg University, Denmark
    http://www.cs.auc.dk

    My email at AUC: will get a new email soon
    My website: http://www.razorsoftware.net


    Windows XP Pro/ Gentoo Linux (Laptop)
    Windows XP Pro (Home PC)

  2. #2
    Member dorbian's Avatar
    Join Date
    Apr 2002
    Location
    amsterdam - netherlands
    Posts
    62

    Re: Problems with session

    i wouldn't use Session("login") = "false" but False and True, this works more system based, and is safer.

    And just Session.Abandon should clear all the session data, you don't need the other info.

    VB Code:
    1. btw
    2. If Session("login") = False Then
    3.   Response.Redirect "login.html"
    4. End If

    would also do the trick.

    you would have to edit the rest of the pages to have False and True instead of the "true" and "false".

    -Dorbian

  3. #3

    Thread Starter
    Frenzied Member CyberCarsten's Avatar
    Join Date
    Sep 1999
    Location
    Aalborg Ø, Denmark
    Posts
    1,544

    Re: Problems with session

    Hi
    Even after making these changes, I can still access the protected pages after I "logout"...any ideas?
    razor
    Software Engineer Student, Aalborg University, Denmark
    http://www.cs.auc.dk

    My email at AUC: will get a new email soon
    My website: http://www.razorsoftware.net


    Windows XP Pro/ Gentoo Linux (Laptop)
    Windows XP Pro (Home PC)

  4. #4

    Thread Starter
    Frenzied Member CyberCarsten's Avatar
    Join Date
    Sep 1999
    Location
    Aalborg Ø, Denmark
    Posts
    1,544

    Re: Problems with session

    Solved! Disabled caching did the trick
    razor
    Software Engineer Student, Aalborg University, Denmark
    http://www.cs.auc.dk

    My email at AUC: will get a new email soon
    My website: http://www.razorsoftware.net


    Windows XP Pro/ Gentoo Linux (Laptop)
    Windows XP Pro (Home PC)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  



Click Here to Expand Forum to Full Width