Need Ideas.

Results 1 to 3 of 3

Thread: Need Ideas.

  1. #1
    Join Date
    Dec 1969

    Default Need Ideas.

    Hello.<BR>Here is my problem. Third party website will have a link to our website that will look like this: Based on this url we will have to allow or disallow (depending if company 123 is our subscriber) a user to get to the password protected part of OUR site. Any ideas on how to accomplish this? Maybe links to some tutorials. Anything is appreciated.<BR>Thank you in advance.

  2. #2
    Join Date
    Dec 1969

    Default Buy high, sell low?

    You didn&#039;t say you wanted *good* ideas.<BR><BR>I&#039;ve pulled that one before, but I don&#039;t think it&#039;s much worse than your idea of putting the comp_id into the querystring!<BR><BR>How hard will it be for somebody to find one of those valid links and then simply start using it form anywhere and everywhere????<BR><BR>A *MUCH* better way would be to use<BR> Request.ServerVariables("HTTP_REFERER")<BR>find the URL that the request came from and validate it (against a DB if there are many many legal subscribers).<BR><BR>So if you find that the HTTP_REFERER is on your "good" list, you simply set the same Session variable(s) that you would set when an individual user comes in through your front page.<BR>&#060;%<BR>Session("ValidUser") = "You Betcha!"<BR>%&#062;<BR>And then look for the Session value on every protected page.

  3. #3
    Join Date
    Dec 1969

    Default Very dangerous to make it so...

    ...easy to get to the password protected part of your site. Anybody who&#039;s got the URL can get in. Is this really what you want?<BR><BR>Anyway, all you need to do is check the querstring variable "comp_id" (Request.QueryString("comp_id")) and if that&#039;s set to the right value, allow access to the password protected part.<BR><BR>Or am I missing something here?<BR><BR>Oliver.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts