[thelist] More ASP problems - Checking for cookie existance

Christopher Ditty cditty at mlgw.org
Thu Jan 30 10:46:00 CST 2003


Thanks for the tip.  Unfortunately, I can't use session vars because the
first cookie is set on another machine using PHP in this domain so the
session wouldn't be accessible.  We are actually going to use SSL and
make the cookies secure.

I think I have the looping bug fixed.  I added code that only allows
that section to be hit when a POST is done.  That should take care of
that issue.  I hope.  :)

Thanks for the help.

Chris

>>> martyn.haigh at virgincosmetics.com 01/30/03 10:30AM >>>
Sounds like you need to have an include file at the top of every page
that
will check for this type of thing.  This is the easiest way to do it.
I use
it in my password protected areas!

Really easy - forget about the global.asa - create a file called
checklogin.asp (or something like that!) and stick it in your includes
folder (or where ever you want).

I would personally change a bit of your code here.  Instead of using
cookies
- I would use a session var.  cookies are a bit of a security risk - if
one
of your legit users is using a shared computer and they forget to log
off
your system properly - someone else could compromise your system and
pretend
to be that user.  But that's your decision.

Put your code to check for the cookie (or session object) in that
file.

And include a simple <!--#include virtual="/Includes/checklogin.asp"
--> at
the top of every page you want protected.

If you want some more detailed help feel free to ask.

hth

Martyn Haigh

Site Developer
The Virgin Cosmetics Company
City Fields, Chichester, West Sussex PO20 2FP
tel: 01243 622282






More information about the thelist mailing list