Simple Security Question

Results 1 to 3 of 3

Thread: Simple Security Question

  1. #1
    Join Date
    Dec 1969

    Default Simple Security Question

    Hi, I was wondering how most programmers handle people trying to go directly to another page instead of logining in first. <BR><BR>Example:<BR><BR>login.asp redirects to customerinfo.asp if the user logs in correctly. Now if someone tries to go directly into "customerinfo.asp" without loging in, do most people use "http_referer" or "sessions". <BR><BR>I just want to know the best practice.

  2. #2
    Join Date
    Dec 1969

    Default RE: Simple Security Question

    In every page check for a sessionvariable, if the variable is not set, redirect to login.asp.<BR><BR>After a succesful login in login.asp set the sessionvar.

  3. #3
    Join Date
    Dec 1969

    Default Cookies or Sessions...

    ...are probably the answer. This&#039;ll make your site more flexible.<BR><BR>Example:<BR><BR>You have ten pages which have to password secured.<BR><BR>If you use HTTP_REFERER, your users will have to log on every time that want to go to any of the ten pages, e.g. potentially up to ten times.<BR><BR>If you use cookies or session variables, the user logs in once, the cookie/session variable records the correct log in, and then your user can visit all ten pages without having to log in again.<BR><BR>Oliver.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts