Implementing a Simple Login State Mechanism: Page 3

Enforcing authentication via an ASP page requires you to maintain login state.



The Cookie Is the Answer
So, what technique do I use? I use a simple cookie. When the page "login.asp" authenticates the user, it places a small cookie with a pre-determined value on the user's computer:


	Response.Cookies("SomeCookieName") = "SomePreDeterminedValue"

Each of the subsequent pages simply checks the value of the cookie. If the cookie value matches what the page is expecting, it allows the user to proceed:




If Request.Cookies("SomeCookieName") <> "SomePreDeterminedValue" Then
	Response.Redirect "login.asp"
	' - or in Windows 2000, this is better code
	' - Server.Transfer "login.asp"
End If
' ...
' ... The rest of the page's code here
' ...

The key to making this technique work is to set the cookie value without specifying an expiration date. A cookie with no expiration date is a session cookie, and the browser deletes it automatically when the user closes the browser session. So, if the user has been authenticated today and comes back tomorrow, or even 10 minutes after closing the browser, the cookie value will have been deleted and they will be forced to log in again, as they should be. And returning to our earlier scenario, the public library lurker, who is using a machine just vacated by a legitimate user and is typing in the URL for your secure pages, will be told to log in again.
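The check above passes for any request that carries the fixed string, and that string is the same for every user. As an added example (not code from the article, and written in Python rather than ASP so that it runs stand-alone), the code below puts that check beside a variant in which the login page issues a per-login value signed with a server-side key. `SERVER_KEY`, `MAX_AGE` and all function names are assumptions made for the illustration.

```python
import hashlib
import hmac
import secrets
import time

STATIC_VALUE = "SomePreDeterminedValue"   # the article's fixed cookie value
SERVER_KEY = secrets.token_bytes(32)      # assumption: secret kept on the server only
MAX_AGE = 20 * 60                         # assumption: seconds an issued value stays valid


def static_check(cookie):
    """The article's test: any request carrying the fixed string passes."""
    return cookie == STATIC_VALUE


def _tag(payload):
    return hmac.new(SERVER_KEY, payload.encode(), hashlib.sha256).hexdigest()


def issue_cookie(user, now=None):
    """Value the login page would set after authenticating `user`."""
    if "|" in user:
        raise ValueError("user name must not contain '|'")
    issued = int(time.time() if now is None else now)
    payload = f"{user}|{issued}"
    return f"{payload}|{_tag(payload)}"


def signed_check(cookie, now=None):
    """Return the user name for an authentic, fresh value, else None."""
    parts = (cookie or "").split("|")
    if len(parts) != 3:
        return None
    user, issued, tag = parts
    expected = _tag(f"{user}|{issued}")
    # Constant-time comparison; a client cannot compute the tag without SERVER_KEY.
    if not hmac.compare_digest(tag.encode(), expected.encode()):
        return None
    # The tag verified, so `issued` is the integer the server wrote.
    age = (time.time() if now is None else now) - int(issued)
    return user if 0 <= age <= MAX_AGE else None


if __name__ == "__main__":
    cookie = issue_cookie("alice")                # constructed sample user
    print(static_check(STATIC_VALUE))             # fixed string typed by anyone
    print(signed_check(STATIC_VALUE))             # same string against the signed check
    print(signed_check(cookie))                   # value issued at login
```

The signed value is still set without an expiration date, so it remains a session cookie as the article requires; the server-side age limit is an extra bound that does not depend on the browser being closed.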


