Results 1 to 2 of 2

Thread: Cookies

  1. #1
    Join Date
    Dec 1969

    Default Cookies

    Hi , i am working on cookies , i have set three different cookies with different user levels.<BR><BR>////////////////////////////////////////<BR><BR><BR>If rs("login")=a then<BR>If rs("password")=b then<BR> <BR>if rs("level")=1 then<BR>Response.cookies ("admin1")=request.form("login")<BR>Response.cooki es ("admin1").expires=date+10 <BR>end if<BR>If rs("level")=2 then<BR>Response.cookies ("admin2")=request.form("login")<BR>Response.cooki es ("admin2").expires=date+10 <BR>end if<BR>If rs("level")=3 then<BR>Response.cookies ("admin3")=request.form("login")<BR>Response.cooki es ("admin3").expires=date+10 <BR>end if<BR><BR>/////////////////////////////////////////<BR><BR>Now i want to restrict the users with following condition , which first check all cookies one by one , and if dont find any cookie , it will automatically redired the user , but i am not able to put the exact condition , i am using the following condition , but i know its wrong as it will always redirect the user to the unauthorised page , because i am using "or".........any idea from u guys ? that how can i implement the proper check ? or the same check will be implemented to some other administration area , where i will just check for a specific cookie else user will be re-directed .<BR><BR>/////////////////////////////////////////<BR><BR>here is the code i am using<BR><BR>&#060;%<BR><BR>response.expires=0<BR> a=request.cookies("admin1")<BR>b=request.cookies(" admin2")<BR>c=request.cookies("admin3")<BR><BR>if a="" or b="" or c="" then <BR>response.redirect "unauthorised.asp" <BR>end if <BR><BR><BR><BR>if Not a&#060;&#062;"0" or Not b&#060;&#062;"0" or Not c&#060;&#062;"0" then<BR>Response.Redirect "notaccessable.asp"<BR>end if<BR><BR>%&#062;<BR><BR>/////////////////////////////////////////<BR><BR>one more thing i wanted to ask that , is it fine to implement security of different user levels through cookies ? or any other solutions from u guys ?<BR>Thanks in Advance<BR>

  2. #2
    Join Date
    Dec 1969

    Default surely you want......

    if a="" and b="" and c="" then <BR> response.redirect "unauthorised.asp" <BR>end if <BR><BR><BR>depending on how secure you need your site to be, using this method shouldn&#039;t cause too much of a problem; it would be possible to overcome though.<BR><BR>c

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts