I use session for login user to open member area. But in the member area after I click some link in this area, suddenly quick to the member area and back to the login form again. Can someone to help me?
Can you please send us the the code where you are registering your session (from both pages, login.aspx and member.aspx) ...
Here is my solution on how to do this on the simplest way login.aspx ---------------------------- protected void Page_Load(object sender, EventArgs e) { } protected void btnLogin_Click(object sender, EventArgs e) { // this is the login button click method string globalSessionVar = "global"; // random variable that I give with which I will check if the session exists SqlConnection con = new SqlConnection("connection string here"); SqlCommand com = new SqlCommand("select username, password from usernames where username='"+txtBoxUsername.Text+"' and password='"+txtboxPassword.Text+"', con); com.CommandType = CommandType.Text; SqlDataReader dr = com.ExecuteReader(); if (dr.HasRows) { Session["global"] = globalSessionVar Session["myusername"] = txtBoxUsername.Text; Response.Redirect("Members.aspx"); } else { labelInfo.Text = "<font color='red'>Wrong username or password</font>"; } } ------------------------------------------------------------------------------------ On Members.aspx ---------------------------- protected void Page_Load(object sender, EventArgs e) { string globalSessionVarM = "global"; // you don't need these but if you want you can perform more secure check in the if / else statements if (Session["global"] == null) { Response.Redirect("Default.aspx"); } else { Label1.Text = "Welcome " + Session["myusername"].ToString(); } } -------------------------------
At end... on: Members.aspx page you can add an Logout button ---------------------------- protected void btnLogout_Click(object sender, EventArgs e) { Session.Abandon(); // Clearing all sessions Session["global"] = ""; // if for some case the sessions are not cleared, I'm simply modifing the global session to "" (null string) .. so it will again LOG YOU OUT Response.Redirect("~/Default.aspx"); }
I see... I just though u r speaking for ASP.NET coz many users are mixing asp / asp.net ... Anyway, I would recommend u to jump on ASP.NET... it would be much better for u and it has bright future .. I haven't programmed in Classic ASP for long time, but you can post ur code here so I will look forward to help u. Cheers...
Hm..., okey. here my classic ASP code: default.asp <!-- #include file="include/login_util.asp" --> <% ... ... call cek_login_session_status() ... ... %> login_util.asp <% function loginForm() %> <center> <form method="post" action="default.asp" ID="Form1"> <table cellpadding="5" cellspacing="0" border="0" width="250" ID="Table1"> <tr><td colspan="3" background="images/form_head_bg.jpg" height="30" class="judul">Silahkan Login</td></tr> </table> <table width="250" cellpadding="5" cellspacing="0" class="border" ID="Table2"> <tr bgcolor="#FFFFFF"> <td width="20%" valign="top" class="teks">Nama:</td> <td><input type="text" name="txtUsername" width="40" ID="Text1"/></td> </tr> <tr bgcolor="#FFFFFF"> <td width="20%" class="teks"><p class="form">Password:</p></td> <td width="80%"><input type="password" name="txtPassword" size="20" ID="Password1"></td> </tr> <tr> <td width="100%" colspan="2" align="center"><input type="submit" value="Login" name="btnLogin" ID="Submit1"></td> </tr> </table> <% if session("validpass") = "no" then response.write("**Please Re-Enter your login details**") end if %> </table> </center> <% end function function cek_login_session_status() NilS=session("is_login") if NilS=1 then else if request.Form("btnLogin") = "Login" then call do_login() else response.Redirect "login.asp" response.End() end if end if end function function do_login() Session.Timeout = 720 strUser = Request.Form("txtUsername") strPassword = Request.Form("txtPassword") if strUser = "" or strPassword = "" then response.redirect "login.asp" response.End() else vSQL = "SELECT id_employee, name, user_privileges FROM employee WHERE web_user_name= '" & strUser & "' AND web_password='" & strPassword & "'" Set rsUsers = objConn.Execute(vSQL) if NOT (rsUsers.BOF AND rsUsers.EOF) THEN session("id_user") = rsUsers.fields("id_employee") session("user_name") = rsUsers.fields("name") session("user_privileges") = rsUsers.fields("user_privileges") 'session("user_id_area_privileges") = rsUsers.fields("id_area") session("is_login")=1 else Response.Redirect "login.asp" response.End() end if vSQL2 = "SELECT employee_group.id_group FROM employee_group, priv_broadcast WHERE employee_group.id_group=priv_broadcast.id_group and priv_broadcast.id_employee='" & rsUsers.fields("id_employee") &"'" Set rsUsers2 = objConn.Execute(vSQL2) do until rsUsers2.EOF gr=gr & rsUsers2.fields("id_group") & "," rsUsers2.movenext loop session("groups") = gr end if end function login.asp <!-- #include file="include/login_util.asp" --> <% response.buffer = true '================== 'file : login.asp 'author : ronald '================== %> <HTML> <BR><BR><BR><BR><BR> <% judul = "selamat datang - silahkan verifikasi login anda - " keywords = "produk BSU vs. kompetitor" call title() %> <BODY> <% call css() call loginform() %> </BODY> </HTML>