www.webdeveloper.com
Results 1 to 6 of 6

Thread: Site security - ASP Sessions

  1. #1
    Join Date
    Nov 2004
    Location
    UK
    Posts
    71

    Site security - ASP Sessions

    Hi All, I am a real newbie to ASP.

    I need help with setting up a page where the viewer has to accept terms before they can access the rest of the website.

    The page will have a bit of text explaining why they need to accept oor decline the terms and then have 2 buttons. ie. accept or decline.

    What I need to be able to do is set this up so that if the viewer tries to bypass the accept/ decline page they will get re-directed to it. If they have clicked the accept button then they can view anywhere on the site.

    I understand that 'sessions' in IIS don't actually close until about 20 mins after the user has left the site and can live with that. But if they come back the next day they must go through the accept/decline page to get into the site. It doesn't have to have usernames or password, they just have to accept.

    I understand that you set up several pages to do this, i.e. the accept/decline page, a 'checkterms' page (which sets the session cookie?) and then some code on every other page on the site to check for the presence of the session cookie and let you view if it is there. If not, redirects you to the Accept/Decline page.

    The problem I have is I don't know what code to write and where to put it into the page.

    Please help as this is getting desperate.

    Cheers,
    Steve

  2. #2
    Join Date
    Jun 2004
    Location
    Kansas City, MO
    Posts
    1,607
    You could set a cookie when the user accepts or declines and have that cookie expire everyday. This way every time they visit the site (in the same day) they dont have to go through this process. But users can disable cookies so this might not work for everyone.

    If you use session variables you would do it like this.

    If the acceptted button is clicked then set a session variable
    Code:
    Session("TermsAccpeted") = True
    If the Decline button is clikced then you really dont need to do anything as far as setting a session variable goes but i guess you could set it to False

    Then on the top of every page you could have something like this
    Code:
    If Session("TermsAccepted") <> True Then 
          Response.redirect "AcceptTerms.asp"
    End If

  3. #3
    Join Date
    Feb 2003
    Posts
    2,745
    let me add just one thing to what lmf232s said...

    put that last bit oof code in an include file, and include the file from every page. that way, when you decide to modify it, u change it in one place instead of on every page.

    because we should be as lazy as possible when it comes to modifying our code!

  4. #4
    Join Date
    Nov 2004
    Location
    UK
    Posts
    71
    Thanks for that.

    Where do I place the first bit of code?

  5. #5
    Join Date
    Nov 2004
    Location
    UK
    Posts
    71
    Quote Originally Posted by lmf232s
    You could set a cookie when the user accepts or declines and have that cookie expire everyday. This way every time they visit the site (in the same day) they dont have to go through this process. But users can disable cookies so this might not work for everyone.

    If you use session variables you would do it like this.

    If the acceptted button is clicked then set a session variable
    Code:
    Session("TermsAccpeted") = True
    If the Decline button is clikced then you really dont need to do anything as far as setting a session variable goes but i guess you could set it to False

    Then on the top of every page you could have something like this
    Code:
    If Session("TermsAccepted") <> True Then 
          Response.redirect "AcceptTerms.asp"
    End If
    Thanks for that.

    Where do I place the first bit of code?

  6. #6
    Join Date
    Jun 2004
    Location
    Kansas City, MO
    Posts
    1,607
    Well you want to implement russells method for this. I was just giving an example. I will however help you implement what russell mentioned.

    1. Create a file and call it (whatever you like) TermsSecurity.asp

    *NOTE: I have a directory called Include(this is where i put all my functions, subs, and reusuable code) in this directory i would put this new page.
    example: www.test.asp/Include/TermsSecurity.asp

    2. In this page (TermsSecurity.asp) put the code that checks to see if the session is true and save it.
    Code:
    <%
    If Session("TermsAccepted") <> True Then 
          Response.redirect "AcceptTerms.asp"
    End If
    %>
    3. On each page in your site put this at the top of the page.
    <!--#include virtual="Include/TermsSecurity.asp"-->

    **What you might want to do is have a page called Common.asp in the Include directory. In this Common.asp page you would put this code
    <!--#include virtual="Include/TermsSecurity.asp"-->
    and then on all your pages in the web site you would put this at the top of the page.
    <!--#include virtual="Include/Common.asp"-->

    This way you only have 1 include file on the site and if you need to remove the TermsAcceptted security, you will just need to go and remove that line form the common.asp page. Other wise you will have to visit each and ever page on your site and remove that line of code.

    This just provides 1 place where your includes live.

    See how that goes.

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
HTML5 Development Center



Recent Articles