How to separate the object

Results 1 to 2 of 2

Thread: How to separate the object

  1. #1
    Join Date
    Dec 1969

    Default How to separate the object

    I have the problem in distinguish my session and application object. Actually my web site have two faces. One for the general user and the other for the administrator. Both must be login before they can entering my site. <BR><BR>So for the genral user, I use session to hold the value of my connection object: <BR>If Isobject(Session("_conn")) Then <BR> Set con = Session("_conn") <BR>Else <BR> Set con = Server.CreateObject("ADODB.connection") <BR> con.Open Session("conn1_connectionString"),"","" <BR> Set Session("_conn") = con <BR>End If <BR><BR>and in my admin page I used Application <BR>If Isobject(Application("_conn")) Then <BR> Set con = Application("_conn") <BR>Else <BR> Set con = Server.CreateObject("ADODB.connection") <BR> con.Open Application("conn1_connectionString"),"","" <BR> Set Application("_conn") = con <BR>End If <BR><BR>in my global.asa I put <BR>&#060;SCRIPT LANGUAGE=VBScript RUNAT=Server&#062; <BR>Sub Application_OnStart <BR>Application("conn1_ConnectionString") = "DSN=tableDB01" <BR>End Sub <BR><BR>Sub Session_OnStart <BR>Session("conn1_ConnectionString") = "DSN=tableDB01" <BR>End Sub <BR>&#060;/SCRIPT&#062; <BR><BR>the page for the administrator is suppose cannot be enter by the general user. But the problem is if user can login in my web page, he/she can entering admin side if he click admin page button. What I tend to do is general user cannot entering admin page because in db I create two different table for user login and admin login. <BR><BR>For your information I already change the object of user because I think it might share the same object since they got the same name for "_conn". So, I change "_conn" became "_con" just in the general user session only. But general user still can access admin side. <BR><BR>Do someone know how to solve it......... <BR>

  2. #2
    Join Date
    Dec 1969

    Default RE: How to separate the object

    Firstly, you do not say anything about you are controlling access to the administrative pages. What database connection they use is irrelevant, you need to control access.<BR><BR>Secondly, you should NEVER store a connection object at Application or Session scope. It has very serious threading implications. Storing a connection STRING is fine, but not a connection OBJECT.<BR><BR>Dunc

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts