Securing pages with the Session Object

Results 1 to 2 of 2

Thread: Securing pages with the Session Object

  1. #1
    Join Date
    Dec 1969

    Default Securing pages with the Session Object

    Hi, I need to secure a section of my webpage so that only authorized users can get in (after they log in). I know that Sessions eat a lot of memory, but I don&#039t see any other way. How secure would using sessions be? I was thinking along the lines of:<BR><BR>(in login script)<BR>&#060;%<BR>IF [user is valid] THEN<BR>Session("User") = "valid"<BR>END IF<BR>%&#062;<BR><BR>(to check for valid user in a protected page)<BR>&#060;%<BR>If Session("User") = "valid" then<BR>[code for page]<BR>End If<BR>%&#062;<BR><BR>How effective would this be? What security issues would be involved?<BR><BR>Thanks, Rich

  2. #2
    Join Date
    Dec 1969

    Default RE: Securing pages with the Session Object

    This code would work fine. There&#039s an excellent article on the pro&#039s and con&#039s of session variables on this site at:<BR><BR><BR><BR>In my experience, using Session Variables for security on smaller sites, or small areas of larger sites is OK. The main pitfalls (aside from resource consumtion) being session timeouts when the user walks away from their desk and has to login again, and the occasional person with cookies disabled (remember, session variables are essentially temporary cookies). Hope this helps.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts