

Implementing a Simple Login State Mechanism: Page 3

Enforcing authentication via an ASP page requires you to maintain login state.





The Cookie Is the Answer
So, what technique do I use? I use a simple cookie. When the page "login.asp" authenticates the user, it places a small cookie with a pre-determined value on the user's computer:

	Response.Cookies("SomeCookieName") = "SomePreDeterminedValue"

Each of the subsequent pages simply checks the value of the cookie. If the cookie value matches what the page expects, it allows the user to proceed:

If Request.Cookies("SomeCookieName") <> "SomePreDeterminedValue" Then
	Response.Redirect "login.asp"
	' - or in Windows 2000, this is better code
	' - Server.Transfer "login.asp"
End If
' ... The rest of the page's code here

The key to this technique working is to set the cookie value without specifying an expiration date. This automatically deletes the cookie when the user closes the browser session. So, if the user has been authenticated today and comes back tomorrow, or even 10 minutes after closing the browser, the cookie value will have been deleted and they will be forced to log in again—as they should be. And returning to our earlier scenario, the public library lurker, who is using a machine just vacated by a legitimate user, and is typing in the URL for your secure pages, will be told to log in again.
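The check above compares against one constant shared by every user, so any client that sends that value passes it. The following added example (not the article's code, and written in Python rather than ASP) keeps the same no-expiry session cookie but issues a random value per login and verifies it against a server-side record; the `_issued` store and all function names are assumptions made for illustration.

```python
import hmac
import secrets
from http.cookies import SimpleCookie

COOKIE_NAME = "SomeCookieName"          # cookie name used in the article
FIXED_VALUE = "SomePreDeterminedValue"  # the article's shared constant

_issued = set()  # hypothetical server-side store of live login tokens


def issue_login_cookie():
    """Return (token, Set-Cookie value) for a freshly authenticated user."""
    token = secrets.token_urlsafe(32)
    _issued.add(token)
    jar = SimpleCookie()
    jar[COOKIE_NAME] = token
    morsel = jar[COOKIE_NAME]
    morsel["path"] = "/"
    morsel["httponly"] = True   # keep page script from reading the cookie
    morsel["secure"] = True     # send over HTTPS only
    # No "expires" or "max-age": the browser drops the cookie when it closes.
    return token, morsel.OutputString()


def cookie_value(cookie_header):
    """Extract the login cookie from a request's Cookie header ('' if absent)."""
    jar = SimpleCookie()
    jar.load(cookie_header or "")
    return jar[COOKIE_NAME].value if COOKIE_NAME in jar else ""


def fixed_value_gate(cookie_header):
    """The article's check: the same constant for every user."""
    return cookie_value(cookie_header) == FIXED_VALUE


def token_gate(cookie_header):
    """Per-login check: the value must be one this server issued."""
    presented = cookie_value(cookie_header).encode()
    return any(hmac.compare_digest(presented, t.encode()) for t in _issued)


def logout(cookie_header):
    """Invalidate the token server-side, which a fixed value cannot do."""
    _issued.discard(cookie_value(cookie_header))
```

With a per-login token, logging out or restarting the store invalidates the cookie even if the browser never closes.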
