Link to home
Start Free TrialLog in
Avatar of kousis
kousis

asked on

asp-security

If one of the user adds a link of a secured page to his favourite and in the latter time he wants to   have a look at the page. As it is a secured page we do not display the page to him instead he gets a login page once the user is authenticated then they have to get back to the page which the user is interested it.
For this I have to get the Address from the address bar and have it, so that I can redirect him.
How Do I get it?

TIA
Avatar of Michel Sakr
Michel Sakr
Flag of Canada image
no.. you put a security mechanism that redirects him to the login page if he's not logged in (it reads mostly session variable)

Avatar of Michel Sakr
Michel Sakr
Flag of Canada image
Try like this


Creating a login for a section of your web site is fairly easy. First, create a login form (loginForm.asp):
 
<form action=loginHandler.asp method=post>
        Username: <input type=text name='username'><BR>
        Password: <input type=password name='password'><BR>
        <input type=submit Value='Log In'><BR>
</form>
 
 
Next, create a login handler (loginHandler.asp):
 
<%
    '---------------------------------------------------------
    '-- check to see that the form was completely filled out--
    '---------------------------------------------------------
    if request.form("username")="" or request.form("password")="" then
        response.redirect("loginForm.asp")
    end if
 
    '---------------------------------------------------------
    '-- open your database connection and check for a record--
    '---------------------------------------------------------
    set conn = server.createObject("ADODB.Connection")
    conn.open "<insert connection string here>"
    u = lcase(request.form("username"))
    p = lcase(request.form("password"))
    sql = "select lin = count(username) from logintable where lower("
    sql = sql & "username)='" & u & "' and lower(password)='" & p & "'"
    set rs = conn.execute(sql)
     
    '--------------------------------------------------------
    '-- Decide whether to let them in --
    '--------------------------------------------------------
    if rs("lin")<>1 then  
        'access Denied
        response.redirect ("loginForm.asp")
    end if
    session("login")=true
    response.redirect ("hiThere.asp")
%>
 
 
Finally, at the top of each page, you test the session variable that you assigned in the script above:
 
<%
    if not session("login") then
        response.redirect("loginForm.asp")
    end if
%>


rgrds
ASKER CERTIFIED SOLUTION
Avatar of dredge
dredge
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of harnal
harnal
Umm.....Silvers5...What happens when a user that has cookies turned off tries to access the site?  Session variables ain't goona work.
Avatar of Michel Sakr
Michel Sakr
Flag of Canada image
Well yes.. but remember that only less than 3% of users have cookies off! otherwise he'll need to make it the amazon.com way.. pass query strings or hidden fields values from/to each page.. which is pain in the A** :o)  we use cookies and lots of them since by default cookies are enabled and the vast majority of internet users don't know how to disable them.. the pluses of the cookies are more than the minuses

rgrds
Avatar of Netminder
Netminder
Force/accepted by

Netminder
Community Support Moderator
Experts Exchange