Fog Creek Software
Discussion Board




Welcome! and rules

Joel on Software

all page security with a cookie

hello.
i have an ASP.NET login page. this page related to a SQL Server 2000 database and check username & password and if true , redirect people to first page of my site , for example "firstpage.aspx" ... if a user directly write the address of my first page (not address of my login page) , he/she will be entered to my site without login!!! it is my problem. i think if i put a cookie to user's system when he submitted to my site (and loginned successfully) , and i check "existing" of this cookie in the top of all pages of my site , no one can access to any page of my site directly. is it a solve? ... if it is , can you help me about a code that check "existing" of a cookie in a hard disk? ... i need a code to do this and if you have a better suggestion about my problem , help me by telling that to me.
thank you reader...

mohammad hosein amini
Tuesday, November 02, 2004

Mohammad,

I urgently require a contract developer to implement an online shopping facility for my retail outlet, and gauge by your post that you're just the man for the job. Please contact me with your rates so we can discuss further...

Need your help Mohammad!!
Tuesday, November 02, 2004

Sounds reasonable.

You can use a session object as well to verify the person has logged in. Implementing it is probably easier, but if the user loses his/her session, then the user is logged out. May be what you want, or may not.

Both cookies and sessions require cookies to be enabled on the client. If you don't want cookies to be required, you can use sessions, and change your Web.Config sessionState to cookieless="true". This appends the session pointer to the URL - I've had problems with this messing up links to image files.

To create a cookie, instantiate an HttpCookie object, assign it values using the Values property, and then call Response.AppendCookie to write it to the client. Refer to the help files and google for your language of choice.

You can pull a cookie using the Request.Cookies collection.

Session object is easier - just do a Session.Add, and then access the Session collection.

Bryan Jonker
Tuesday, November 02, 2004

*  Recent Topics

*  Fog Creek Home