Hi, i am facing a problem to write a web page protected script in asp page. below is the java script i add to the login.htm page. <script language = "javascript"> function validate (text1,text2) { if ((text1=='csmq' && text2=='soemcsmq')) load('Index.asp'); else { alert("Invalid ID or password!"); } } function load(url) { location.href=url; } </script> HTML: after user login with correct password, user may access the index.asp. my question is if user add the index.asp page as favourite, they are no need go through the login.asp. What javascript i should add to the index.asp to make sure user need passby the login.asp before they can access to the index.asp? hope can receive any reply soon. thanks.
None, this is a horribly stupid way of doing things. Use server side validation, why would you put the direct link to the target page, hand it to your client, then had the client the user and pass and ask it to authenticate?
You shouldn't rely on Javascript to protect a page. What happens if they direct link to the page and have Javascript disabled? (no popups, warnings etc.) Not to mention anyone who slightly knows anything about web development can bypass it in about 15 seconds by viewing the source. If you're implementing user accounts; use server-side code (in this case, ASP)