Session Variables

[Rob Smeets]

Hi,

My asp application needs 2 variables (uid, password) which i need for
running sql statements.

This is not the same uid , password used for the logging by the user, but
are supplied by a Radius server. My problem is i'm supplied with the uid,
password only once by the Radius server(on the first page) , so i need to
store them. The thing is if i store them in the session they are visible to
the user. So that should be avoided... Been thinking about encrypting the
variabels, but cant find default vb code to encrypt the data. Actualy i don't
want to send any info at all...
Are there any other options i did not think off.

Any help would be greatly appriciated!
Thanks in advance !!!

Rob Smeets

 

[gnlnxx]

Maybe create a boolean session variable on the first page. Then test
for that variable to see if you are still logged in the rest of the app

if logged_in then
run sql statements
else
request uid, password

This is just an idea...someone else might have something better.


-gnlnxx

 

[paul]

The thing is if i store them in the session they are visible to the user.

I don't see how a regular user can tell what the session variables are
unless you're allowing them to create their own ASP pages on the site
(which I wouldn't necessarily recommend).

Otherwise perhaps you could of course store the password either
temporarily or permanently in the users table for that user.

Best regards,
J. Paul Schmidt, Freelance Web and Database Developer
http://www.Bullschmidt.com
Access Database Sample, Web Database Sample, ASP Design Tips