Managing ASP sessions

Posted on 2024-12-06 17:25:03

I have code which allows sessions for my ASP pages. However, when I try to use a POST form which takes me to another ASP page, I will be automatically logged out. Is there a solution to this? Thanks in advance.

<%session("cLoginId") = Request.QueryString("cLoginId")
session("Email") = Request.QueryString("Email")
session("cPW") = Request.QueryString("cPW") 
session("UsrId") = csng(Request.QueryString("UsrId"))  
UsrId = csng(Request.QueryString("UsrId"))  
Set Con= server.CreateObject("ADODB.Connection")
Con.Open "Provider=SQLOLEDB;Initial Catalog="&session("db")&";Data Source="&session("SqlServer")&";UID="&session("uid")&";PWD="&session("pwd")&";"

mode = Request.QueryString("mode") 
UsrId = csng(Request.QueryString("UsrId")) 

cDesc1=CInt(Request.QueryString("c1"))
cStartDte = Request.form("sStartDte") 
cEndDte = Request.form("sEndDte") 
p=Request.QueryString("p") 
'session("cLoginId") = Request.QueryString("cLoginId")
cPW = Request.QueryString("cPW")  
'Response.Write "cDesc1=" & cDesc1 & "<br>"
'Response.Write "PW=" & session("cPW")  & "<br>"
cMsg = Request.QueryString("cMsg") 
'Response.Write "<font color=white>db2=" & session("SqlServer") & "</font><br>"
session("cLoginId") = Request.QueryString("cLoginId")
if cDesc1 <> "" then
session("cLoginId") = Request.QueryString("cLoginId")
cEmail= "cLoginId"&"Email"&"cPW"
end if
colorh3 = 1
%>

<%
sub  ChkUsrDetails(NewsRs)
    set rsUser = Server.CreateObject("ADODB.Recordset")
    UserSQL="SELECT * FROM Login where loginid='"&trim(NewsRs("UsrName"))&"'"
    'Response.Write "UserSQL=" & UserSQL
    rsUser.Open UserSQL,ObjConn,3

    if not rsUser.EOF then
        cFName = rsUser("FName")
        cLName = rsUser("LName")
        cUnit = rsUser("Unit")
    end if
end sub
%>


Comments (1)

恬淡成诗 2024-12-13 17:25:03


This is a really bad idea, since you'd be passing login information via a query string which would be visible to anyone. Rather move those variables to constants / pre-set variables which can't be tampered with by the user. As for the user's session when they've logged in, set it in your code once and then just check if it's blank on any pages that need to use it. You could redirect the user back to the login page if it's blank.

E.g. on page_requires_session.asp:

<%
If Session("UserID") = "" Then
    Response.Redirect "login.asp?expired=1"
End If
%>
<!-- Rest of page -->

Then on login.asp:

<%
If Request.QueryString("expired") = "1" Then
    Response.Write "Your session has expired; please log in again"
End If

If Request.Form("submit") = "Login" Then
    ' check in database if user info. matches valid username and password '
Else
    ' display error message
End If
%>
<!-- HTML form would be here -->
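
The pattern described in the answer, applied to the page that receives the POST form, as an added example (not the asker's or the answerer's code). It assumes login.asp stored the verified login id in Session("UserID") and that the connection string is kept in Application("ConnStr"); report.asp is a hypothetical page name, while the Login columns and form field names are the ones shown in the question.

```vbscript
<%
Option Explicit
' report.asp (hypothetical name): target of the POST form.
' Assumption: login.asp set Session("UserID") once, after checking the
' credentials server-side. Nothing on this page writes to Session.
Const adCmdText = 1, adVarChar = 200, adParamInput = 1

' 1. Guard: identity comes only from the server-side session.
If Session("UserID") = "" Then
    Response.Redirect "login.asp?expired=1"
End If

' 2. Request data goes into local variables, never into Session.
'    A POST carries no query string, so copying Request.QueryString
'    values into Session here would overwrite the login with blanks.
Dim startDte, endDte
startDte = Trim(Request.Form("sStartDte"))
endDte = Trim(Request.Form("sEndDte"))
If Not (IsDate(startDte) And IsDate(endDte)) Then
    Response.Write "Please enter valid dates."
    Response.End
End If

' 3. Look up the logged-in user from the session value, using a bound
'    parameter instead of string concatenation.
Dim conn, cmd, rs
Set conn = Server.CreateObject("ADODB.Connection")
conn.Open Application("ConnStr")   ' assumption: set in global.asa
Set cmd = Server.CreateObject("ADODB.Command")
Set cmd.ActiveConnection = conn
cmd.CommandType = adCmdText
cmd.CommandText = "SELECT FName, LName, Unit FROM Login WHERE loginid = ?"
cmd.Parameters.Append cmd.CreateParameter("loginid", adVarChar, _
    adParamInput, 50, Session("UserID"))
Set rs = cmd.Execute

If Not rs.EOF Then
    Response.Write "Report for " & _
        Server.HTMLEncode(rs("FName") & " " & rs("LName")) & _
        " from " & Server.HTMLEncode(startDte) & _
        " to " & Server.HTMLEncode(endDte)
End If
rs.Close : conn.Close
%>
```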