Comparing a session value to a querystring

  • Spoogledrummer
    New Member
    • Oct 2007
    • 21

    Comparing a session value to a querystring

    Hi,

    I'm attempting to limit access to a page without creating a whole load of session values and therefore re-writing the page. So I've come up with the following code on a test page:
    [CODE=asp]
    <%@ Language=VBScript %>
    <%Option Explicit%>
    <%
    IF session("Userid")<>request.Querystring("Stu") and session("Userid2")<>request.Querystring("Stu") Then
        response.redirect "../../login/errors/notloggedin.asp"
    End if
    %>
    [/CODE]
    This in theory should prevent the user from editing the url themselves as if their session value doesn't match the value in the url it should re-direct them to an error. For some reason it's not working though even though that's literally all the code there is on the page.

    If I get it to print out the session userid and the url stu value they are the same yet it still redirects me to the error page. What am I missing?
  • deric
    New Member
    • Dec 2007
    • 92

    #2
    How about the Userid2, is it the same with the Stu value?
    I'm not sure, but you can try converting the session values to string...


    • Spoogledrummer
      New Member
      • Oct 2007
      • 21

      #3
      userid2 would be blank if userid has a value. It's basically 2 different applications sharing the same pages so the user will only ever have one or the other. I'll give the string thing a try. Thanks


      • deric
        New Member
        • Dec 2007
        • 92

        #4
        So that's it.. either of the two conditions should work, then you should use the OR operator and not the AND.
        Code:
        IF session("Userid")<>request.Querystring("Stu") [B]OR[/B] session("Userid2")<>request.Querystring("Stu") Then
        If any one of them is true, then the result is true.
        If both are false, then the condition is not satisfied, it will result to false and will not go inside of the IF.
        Btw, you need not convert them to string.


        • Spoogledrummer
          New Member
          • Oct 2007
          • 21

          #5
          Originally posted by deric
          So that's it.. either of the two conditions should work, then you should use the OR operator and not the AND.
          Code:
          IF session("Userid")<>request.Querystring("Stu") [B]OR[/B] session("Userid2")<>request.Querystring("Stu") Then
          If any one of them is true, then the result is true.
          If both are false, then the condition is not satisfied, it will result to false and will not go inside of the IF.
          Btw, you need not convert them to string.
          Thanks but using OR wouldn't work. The aim is to redirect the user if they try to access a page that doesn't have their userid in the url. So as they will only have either userid or userid2 and the other will always be blank switching it to an or will cause them to be re-directed all the time even when trying to access their own page.

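Added example, not part of any post in this thread: one way to write the check the thread is after, in the same classic ASP/VBScript. It applies the string conversion suggested in #2, keeps the redirect path from the first post, and assumes (as described in #3) that a user has only one of Userid or Userid2 set; the names stu, uid1, uid2 and allowed are introduced here.

```asp
<%@ Language=VBScript %>
<%Option Explicit%>
<%
' Added example; stu, uid1, uid2 and allowed are names introduced here.
Dim stu, uid1, uid2, allowed

' & "" turns Empty, Null or a number into a string, so a numeric id stored in
' the session and the text taken from the URL are compared as text.
stu  = Trim(Request.QueryString("Stu") & "")
uid1 = Trim(Session("Userid") & "")
uid2 = Trim(Session("Userid2") & "")

' Deny by default. A blank Stu or a blank session value never counts as a
' match, so two blank values are not treated as equal.
allowed = False
If stu <> "" Then
    If uid1 <> "" And uid1 = stu Then allowed = True
    If uid2 <> "" And uid2 = stu Then allowed = True
End If

If Not allowed Then
    Response.Redirect "../../login/errors/notloggedin.asp"
    Response.End
End If
%>
```

Because access is granted only on a positive match, the result does not depend on choosing between AND and OR for the two inequality tests.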