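Managing ASP Session

Time: 2011-09-27 10:36:06

Tags: html database asp-classic

I have code that allows my ASP pages to use sessions. However, when I try to use a POST form that takes me to another ASP page, I am automatically logged out. Is there a way to solve this problem? Thanks in advance.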

<%session("cLoginId") = Request.QueryString("cLoginId")
session("Email") = Request.QueryString("Email")
session("cPW") = Request.QueryString("cPW") 
session("UsrId") = csng(Request.QueryString("UsrId"))  
UsrId = csng(Request.QueryString("UsrId"))  
Set Con= server.CreateObject("ADODB.Connection")
Con.Open "Provider=SQLOLEDB;Initial Catalog="&session("db")&";Data Source="&session("SqlServer")&";UID="&session("uid")&";PWD="&session("pwd")&";"

mode = Request.QueryString("mode") 
UsrId = csng(Request.QueryString("UsrId")) 

cDesc1=CInt(Request.QueryString("c1"))
cStartDte = Request.form("sStartDte") 
cEndDte = Request.form("sEndDte") 
p=Request.QueryString("p") 
'session("cLoginId") = Request.QueryString("cLoginId")
cPW = Request.QueryString("cPW")  
'Response.Write "cDesc1=" & cDesc1 & "<br>"
'Response.Write "PW=" & session("cPW")  & "<br>"
cMsg = Request.QueryString("cMsg") 
'Response.Write "<font color=white>db2=" & session("SqlServer") & "</font><br>"
session("cLoginId") = Request.QueryString("cLoginId")
if cDesc1 <> "" then
session("cLoginId") = Request.QueryString("cLoginId")
cEmail= "cLoginId"&"Email"&"cPW"
end if
colorh3 = 1
%>

<%
sub  ChkUsrDetails(NewsRs)
    set rsUser = Server.CreateObject("ADODB.Recordset")
    UserSQL="SELECT * FROM Login where loginid='"&trim(NewsRs("UsrName"))&"'"
    'Response.Write "UserSQL=" & UserSQL
    rsUser.Open UserSQL,ObjConn,3

    if not rsUser.EOF then
        cFName = rsUser("FName")
        cLName = rsUser("LName")
        cUnit = rsUser("Unit")
    end if
end sub
%>

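1 answer:

Answer 0 (score: 0)

This is a very bad idea, because you are passing login information via the query string, where anyone can see it. Instead, move these variables into constants/preset variables that the user cannot tamper with. For the session, set it once in code when the user logs in, then check whether it is empty on any page that needs to use it. If it is empty, you can redirect the user back to the login page.

E.g. in page_requires_session.asp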

<%
If Session("UserID") = "" Then
    ' Redirect is a method of the Response object
    Response.Redirect "login.asp?expired=1"
End If
%>
<!-- Rest of page -->

Then in login.asp

<%
If Request.QueryString("expired") = "1" Then
    Response.Write "Your session has expired; please log in again"
End If

If Request.Form("submit") = "Login" Then
    ' check in database if user info. matches valid username and password '
Else
    ' display error message
End If
%>
<!-- HTML form would be here -->
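
The protected page from the question, reworked along the lines of this answer, as an added example that is not part of the original post. Identity is only read from Session values that login.asp is assumed to have set once after verifying the password, so arriving through a POST form (where the query string is empty) no longer overwrites them with blanks. Session key names, the `Login` table and its columns are taken from the question; the parameter name and its size of 50 are assumptions.

```vbscript
<%
Option Explicit

' Guard: identity lives only in the server-side session. Nothing on this page
' writes Session("UsrId") or Session("cLoginId") from request input.
' Appending "" turns Empty/Null into a zero-length string before the test.
If Len(Session("UsrId") & "") = 0 Or Len(Session("cLoginId") & "") = 0 Then
    Response.Redirect "login.asp?expired=1"   ' also stops this script
End If

Dim UsrId, cLoginId, mode, cStartDte, cEndDte
UsrId    = Session("UsrId")      ' not Request.QueryString("UsrId")
cLoginId = Session("cLoginId")   ' not Request.QueryString("cLoginId")

' Per-request inputs that carry no identity can still come from the request.
mode      = Request.QueryString("mode")
cStartDte = Request.Form("sStartDte")
cEndDte   = Request.Form("sEndDte")

Dim Con, cmd, rsUser, cFName, cLName, cUnit
Set Con = Server.CreateObject("ADODB.Connection")
Con.Open "Provider=SQLOLEDB;Initial Catalog=" & Session("db") & _
         ";Data Source=" & Session("SqlServer") & _
         ";UID=" & Session("uid") & ";PWD=" & Session("pwd") & ";"

' Look up the logged-in user's details with a bound parameter instead of
' building the SQL text by string concatenation.
Set cmd = Server.CreateObject("ADODB.Command")
Set cmd.ActiveConnection = Con
cmd.CommandType = 1   ' adCmdText
cmd.CommandText = "SELECT FName, LName, Unit FROM Login WHERE loginid = ?"
cmd.Parameters.Append cmd.CreateParameter("loginid", 200, 1, 50, Trim(cLoginId)) ' adVarChar, adParamInput

Set rsUser = cmd.Execute
If Not rsUser.EOF Then
    cFName = rsUser("FName")
    cLName = rsUser("LName")
    cUnit  = rsUser("Unit")
End If
rsUser.Close
Con.Close
%>
<!-- Rest of page: forms here post back without putting cLoginId, Email or cPW in the URL -->
```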