What do you use instead of sessions for password protected

Discussion in 'ASP General' started by Yarn, Sep 18, 2003.

  1. Yarn

    Yarn Guest

    pages?

    For low traffic sites I just use sessions and redirect if not logged in

    <%
    if NOT session("loggedIn") = "true" then
    response.redirect("index.asp")
    end if
    %>


    Is this a really that bad of an idea? It's just four little characters.
    Yarn, Sep 18, 2003
    #1
    1. Advertising

  2. Yarn

    Ray at home Guest

    No, I think that's the best thing to do. Other options:

    Use NT authentication for your site.
    - I prefer to keep this for intranets or for sites that will just have a
    handful of logins and not an open registration system.


    Use cookies.
    - Relies on clients' acceptance of cookies.

    Ray at home

    "Yarn" <> wrote in message
    news:#...
    > pages?
    >
    > For low traffic sites I just use sessions and redirect if not logged in
    >
    > <%
    > if NOT session("loggedIn") = "true" then
    > response.redirect("index.asp")
    > end if
    > %>
    >
    >
    > Is this a really that bad of an idea? It's just four little characters.
    >
    >
    >
    Ray at home, Sep 18, 2003
    #2
    1. Advertising

  3. Yarn

    Dan Brussee Guest

    On Wed, 17 Sep 2003 19:32:22 -0700, "Yarn" <> wrote:

    >pages?
    >
    >For low traffic sites I just use sessions and redirect if not logged in
    >
    ><%
    >if NOT session("loggedIn") = "true" then
    >response.redirect("index.asp")
    >end if
    >%>
    >


    Thats a very common method. I would add one item though. With this
    scheme, you know that someone logged in, but you dont know WHO logged
    in. Save the user's ID in the session variable, or save the session ID
    in your database so you can look up who logged in. This takes even
    less space and gives you more information :)
    Dan Brussee, Sep 18, 2003
    #3
  4. Yarn

    PB4FUN Guest

    I would change it to :
    If Session("LoggedIn") = "" Then
    Response.Redirect "index.asp"
    End if

    If the user is NOT logged in than the session variable would be empty and
    not "false"

    Now you have 2 boolean expressions
    Session("LoggedIn") = "True" is boolean expr #1
    If you use the NOT, you use boolean #2 on boolean #1

    Meindert, MCP

    >
    > For low traffic sites I just use sessions and redirect if not logged in
    >
    > <%
    > if NOT session("loggedIn") = "true" then
    > response.redirect("index.asp")
    > end if
    > %>
    >
    >
    > Is this a really that bad of an idea? It's just four little characters.
    >
    >
    >
    PB4FUN, Sep 18, 2003
    #4
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Andreas Klemt
    Replies:
    2
    Views:
    551
    Andreas Klemt
    Jul 5, 2003
  2. Ken Cox [Microsoft MVP]

    Re: Relationship between IIS Sessions and ASP.NET Sessions?

    Ken Cox [Microsoft MVP], Aug 8, 2003, in forum: ASP .Net
    Replies:
    1
    Views:
    5,348
    Luther Miller
    Aug 8, 2003
  3. Jordan Taylor
    Replies:
    3
    Views:
    364
    Backer
    Feb 26, 2006
  4. AAaron123
    Replies:
    2
    Views:
    2,105
    AAaron123
    Jan 16, 2009
  5. AAaron123
    Replies:
    1
    Views:
    1,321
    Oriane
    Jan 16, 2009
Loading...

Share This Page