Fatal编程技术网
  • html/
  • Html 管理asp会话

Html 管理asp会话

html database asp-classic

Html 管理asp会话,html,database,asp-classic,Html,Database,Asp Classic,我有一个代码,允许我的asp页面会话。然而,当我尝试使用post表单将我带到另一个asp页面时,我将自动注销。有解决办法吗?提前谢谢 <%session("cLoginId") = Request.QueryString("cLoginId") session("Email") = Request.QueryString("Email") session("cPW") = Request.QueryString("cPW") session("UsrId") = csng(Request

我有一个代码,允许我的asp页面会话。然而,当我尝试使用post表单将我带到另一个asp页面时,我将自动注销。有解决办法吗?提前谢谢

<%session("cLoginId") = Request.QueryString("cLoginId")
session("Email") = Request.QueryString("Email")
session("cPW") = Request.QueryString("cPW") 
session("UsrId") = csng(Request.QueryString("UsrId"))  
UsrId = csng(Request.QueryString("UsrId"))  
Set Con= server.CreateObject("ADODB.Connection")
Con.Open "Provider=SQLOLEDB;Initial Catalog="&session("db")&";Data Source="&session("SqlServer")&";UID="&session("uid")&";PWD="&session("pwd")&";"

mode = Request.QueryString("mode") 
UsrId = csng(Request.QueryString("UsrId")) 

cDesc1=CInt(Request.QueryString("c1"))
cStartDte = Request.form("sStartDte") 
cEndDte = Request.form("sEndDte") 
p=Request.QueryString("p") 
'session("cLoginId") = Request.QueryString("cLoginId")
cPW = Request.QueryString("cPW")  
'Response.Write "cDesc1=" & cDesc1 & "<br>"
'Response.Write "PW=" & session("cPW")  & "<br>"
cMsg = Request.QueryString("cMsg") 
'Response.Write "<font color=white>db2=" & session("SqlServer") & "</font><br>"
session("cLoginId") = Request.QueryString("cLoginId")
if cDesc1 <> "" then
session("cLoginId") = Request.QueryString("cLoginId")
cEmail= "cLoginId"&"Email"&"cPW"
end if
colorh3 = 1
%>

<%
sub  ChkUsrDetails(NewsRs)
    set rsUser = Server.CreateObject("ADODB.Recordset")
    UserSQL="SELECT * FROM Login where loginid='"&trim(NewsRs("UsrName"))&"'"
    'Response.Write "UserSQL=" & UserSQL
    rsUser.Open UserSQL,ObjConn,3

    if not rsUser.EOF then
        cFName = rsUser("FName")
        cLName = rsUser("LName")
        cUnit = rsUser("Unit")
    end if
end sub
%>



这是一个非常糟糕的主意,因为您将通过任何人都可见的查询字符串传递登录信息。而是将这些变量移动到用户无法篡改的常量/预设变量。至于用户登录后的会话,请在代码中设置一次,然后在需要使用它的页面上检查它是否为空。如果登录页面为空,您可以将用户重定向回登录页面

例如,在
页面上需要会话。asp


<%
If Session("UserID") = "" Then
    Redirect("login.asp?expired=1")
End If
%>
<!-- Rest of page -->



<%
If Request.QueryString("expired") = "1" Then
    Response.Write "Your session has expired; please log in again"
End If

If Request.Form("submit") = "Login" Then
    ' check in database if user info. matches valid username and password '
Else
    ' display error message
End If
%>
<!-- HTML form would be here -->