  1. #1
    Regular Coder
    Join Date
    Sep 2007
    Thanked 0 Times in 0 Posts

    Question Session break, season 3

    Well, I know 2 ways to secure my pages:
    1- is posting a variable with some value and in the next page checking if the variable got the right value... doing it with Post and not Get, of course...
    on the login page, if the username and password is true the user got
    and on the "secure" pages I'm checking if the user got "0" in the Session("admin")

    Well, that's good, but too simple, don't you think?
    What will happen if some "very bad person" builds a page where he gives himself Session("admin")=0 and links the page to my "secure" page?
    Last edited by sasha85; 09-25-2007 at 05:30 PM.

  2. #2
    Regular Coder
    Join Date
    Mar 2007
    Thanked 19 Times in 19 Posts
    The easiest way to secure your pages by using session variables is to use multiple session variables.

    Try setting session("adminLogon") = true as well as session("admin") = 0.

    That way, even if the person can guess one of your session variables, s/he may or may not be able to guess them all.

    You can also check the Request.ServerVariables("HTTP_REFERER") to see if it's your logon page that is referring to your admin pages, rather than someone else's server.

    To say my fate is not tied to your fate is like saying, 'Your end of the boat is sinking.' -- Hugh Downs
    Please, if you found my post helpful, pay it forward. Go and help someone else today.
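
An added example, not from either post: a guard include for the "secure" pages in classic ASP (VBScript), assuming the login page stores the integer 0 in Session("admin") as described in the thread. Session values are held on the server, and an unset Session("admin") is Empty, which VBScript treats as equal to 0, so the guard tests for that case explicitly. The file names guard.asp and login.asp are assumptions.

```asp
<%
' guard.asp (hypothetical name). Pull it in with a server-side include
' at the top of every "secure" page.
' Assumes login.asp (hypothetical name) runs Session("admin") = 0 only after
' the username and password have been verified on the server.

Function IsAdminSession()
    Dim flag
    flag = Session("admin")
    IsAdminSession = False

    ' A visitor who never logged in has no value here. In VBScript that is
    ' Empty, and (Empty = 0) evaluates to True, so a bare
    ' "If Session("admin") = 0" would let that visitor through.
    If IsEmpty(flag) Then Exit Function

    ' Accept only the exact type the login page stored (Integer 0).
    If VarType(flag) <> vbInteger Then Exit Function

    IsAdminSession = (flag = 0)
End Function

If Not IsAdminSession() Then
    ' Drop whatever session state exists and send the visitor to the login page.
    Session.Abandon
    Response.Redirect "login.asp"
End If
%>
```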

