What do you use instead of sessions for password protected

[Yarn]

pages?

For low traffic sites I just use sessions and redirect if not logged in

<%
if NOT session("loggedIn") = "true" then
response.redirect("index.asp")
end if
%>


Is this a really that bad of an idea? It's just four little characters.

 

[Ray at home]

No, I think that's the best thing to do. Other options:

Use NT authentication for your site.
- I prefer to keep this for intranets or for sites that will just have a
handful of logins and not an open registration system.


Use cookies.
- Relies on clients' acceptance of cookies.

Ray at home

 

[Dan Brussee]

pages?

For low traffic sites I just use sessions and redirect if not logged in

<%
if NOT session("loggedIn") = "true" then
response.redirect("index.asp")
end if
%>

Thats a very common method. I would add one item though. With this
scheme, you know that someone logged in, but you dont know WHO logged
in. Save the user's ID in the session variable, or save the session ID
in your database so you can look up who logged in. This takes even
less space and gives you more information

 

[PB4FUN]

I would change it to :
If Session("LoggedIn") = "" Then
Response.Redirect "index.asp"
End if

If the user is NOT logged in than the session variable would be empty and
not "false"

Now you have 2 boolean expressions
Session("LoggedIn") = "True" is boolean expr #1
If you use the NOT, you use boolean #2 on boolean #1

Meindert, MCP