I have a log-in page that verifies user details against an online MS Access database. Three ASP files do this: a login script, a 'check details' script, and the final script which displays the database table in a Web page.
The problem I have is this: when user A logs in he can see the details of the other users, which I don't want. I understand that I need to use 'Session' for this so that user A can only see his own details (let's say he is tracking an order online), but there are scant examples on the Internet about how to use 'session'.
So, I am groping in the dark, but would the script be something like this?
The reference to wolfID above is the password the user enters when logging in.
<% IF Request.form="" THEN %>
<title>Our private pages</title>
In order to access this pages fill the form below:<BR>
<form method="post" action="login.asp">
Username: <input type="text" name="email" size="20"><BR>
Password: <input type="password" name="wolfID" size="15"><BR>
<input type="Submit" value="Submit">
<% IF Session("wolfID")<>="" THEN %> welcome to Page 1 <BR>
'find all nessesary data for wolfID and display this users record only
<A HREF="page1.asp">Page 1</A>
<% ELSE %>
Sorry, access is refused/Error in username or password
<A HREF="page2.asp">Page 2</A>
Thanks for any advice.