我在ASP Classic中有一个简单的登录脚本。
登录成功后,会为要识别的用户创建会话变量。
但是,当一个用户已登录时,另一个用户无法登录。他们将收到一条错误消息"您必须使用可更新的查询。"
我应该为每次登录创建唯一的会话cookie吗?我不太确定......非常感谢一些指导。
HTML:
<form method="post" action="" name="login_form" class="login_form">
<div class="login-wrap">
<h1>login</h1>
<p><%=error%>
<p><input type="text" name="login_user" id="login_user" placeholder="user"></p>
<p><input type="password" name="login_pass" id="login_pass" placeholder="password"></p>
<p><input type="submit" value="Login" class="btn"></p>
</div>
<p> </p>
</form>
ASP:
// Process login
if request.form("login_user") <> "" then
user = Request.Form("login_user")
password = Request.Form("login_pass")
set conn=Server.CreateObject("ADODB.Connection")
conn.Open "PROVIDER=Microsoft.Jet.OLEDB.4.0;Jet OLEDB:Database Password=******;User ID=Admin;" & _
"DATA SOURCE=" & Server.MapPath("contacts.mdb")
set rs = Server.CreateObject("ADODB.Recordset")
sql = "SELECT * FROM contacts WHERE user=" & user
rs.open sql, conn
if rs.EOF then
error = "Sorry, your user was not found."
end if
if Request.Form("login_user") = "" then
error = "You must enter your user number."
elseif Request.Form("login_pass") = "" then
error = "You must enter your password."
elseif rs("pass") <> "" then
if password = rs("pass") then
session("id") = rs("area")
session("user") = rs("user")
Response.Redirect("admin.asp")
else
error = "Invalid password."
end if
else
error = "Please enter a password."
end if
rs.Close
conn.Close
set rs = nothing
set conn = nothing
end if