Have you ever built a secured-access area of a web site that only verified the user on the main page, leaving the rest of the so-called "secure" site available to anyone who requests a page directly, without login information? Many people do this without realizing the security hole they have left. There is a fairly simple way to take care of this.
In this article, I will discuss two files -- default.asp and logincheck.asp. The file "default.asp" will be the login page for the secured web site. It will also verify that the user entered valid login information, and if they did, execute the following ASP code:
<% session("isloggedin")="true" %>
When the user logs out, execute the following ASP code:
<% session("isloggedin")="false" %>
Then create logincheck.asp and have it contain the following ASP code:
<%
' Send anyone without a logged-in session back to the login page.
if session("isloggedin")<>"true" then
    response.redirect "default.asp"
end if
%>
Then, simply include logincheck.asp in all the files that you want to be secured. You can do this by typing this line of code into all the pages you want secured, at the very top of each page so that nothing above it runs before the login check:
<!--#include file="logincheck.asp"-->
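The check only protects pages that actually carry the include line, so a page added later without it is served to anyone who asks for it. The Python script below is an added example, not part of the original article: it lists the .asp pages where the include is missing or appears after other content. The function names, the constructed sample pages and the choice of default.asp as the only public page are assumptions.

```python
import re
from pathlib import Path

# Matches <!--#include file="..."--> and the virtual= form, case-insensitively.
INCLUDE_RE = re.compile(
    r'<!--\s*#include\s+(?:file|virtual)\s*=\s*"([^"]+)"\s*-->', re.I)
# An optional <%@ ... %> page directive is allowed ahead of the guard.
DIRECTIVE_RE = re.compile(r'\A\s*<%@.*?%>', re.S)

def check_page(text, guard="logincheck.asp"):
    """Return 'ok', 'late' (guard included after other content) or 'missing'."""
    body = DIRECTIVE_RE.sub("", text, count=1).lstrip()
    for m in INCLUDE_RE.finditer(body):
        name = re.split(r"[\\/]", m.group(1))[-1].lower()
        if name == guard:
            return "ok" if m.start() == 0 else "late"
    return "missing"

def audit(pages, guard="logincheck.asp", public=("default.asp",)):
    """pages maps relative path -> source text; returns {path: problem}."""
    skip = {guard, *public}
    return {path: status
            for path, text in sorted(pages.items())
            if path.lower().endswith(".asp")
            and Path(path).name.lower() not in skip
            and (status := check_page(text, guard)) != "ok"}

def load_site(root):
    """Read every .asp file under root into the mapping audit() expects."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): p.read_text(errors="replace")
            for p in root.rglob("*.asp")}

# Constructed sample site, for illustration only.
SAMPLE = {
    "default.asp": "<html>login form</html>",
    "logincheck.asp": "<% ' guard source %>",
    "members.asp": '<!--#include file="logincheck.asp"-->\n<html>ok</html>',
    "reports/q1.asp": '<%@ Language=VBScript %>\n'
                      '<!--#include file="../logincheck.asp"-->\n<html>',
    "admin.asp": '<html><!--#include file="logincheck.asp"-->secret</html>',
    "export.asp": "<html>forgot the include</html>",
}

if __name__ == "__main__":
    for path, problem in audit(SAMPLE).items():
        print(f"{path}: guard {problem}")
```

To check a real site, pass `load_site("path/to/webroot")` to `audit()` and list any other intentionally public pages in `public`.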
Be happy -- you are now secure … I mean … your web site is secure. Yeah. That's it.