Session Replacement in ASP - The Login Page
The login page contains a form which gets submitted to itself, after which the results are handed to the database. The database comes back with a valid sessionID or with the value –1 if the login fails:
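<%
' ADO constants (normally supplied by adovbs.inc)
Const adCmdStoredProc = 4, adVarChar = 200, adParamInput = 1

Dim oCnn, oCmd, oRs, sMessage, sSessionID

If Len(Request.Form("cmdSubmit")) > 0 Then
    Set oCnn = Server.CreateObject("ADODB.Connection")
    oCnn.Open "dsn=myDSN;uid=MyUid;pwd=myPwd;"

    ' Pass the form values to usp_CheckLogin as bound parameters rather than
    ' concatenating them into the SQL text, so quotes in the input stay data.
    Set oCmd = Server.CreateObject("ADODB.Command")
    Set oCmd.ActiveConnection = oCnn
    oCmd.CommandType = adCmdStoredProc
    oCmd.CommandText = "usp_CheckLogin"
    ' The length 50 is an assumption; use the lengths usp_CheckLogin declares.
    oCmd.Parameters.Append oCmd.CreateParameter("@usid", adVarChar, _
        adParamInput, 50, Trim(LCase(Request.Form("usid"))))
    oCmd.Parameters.Append oCmd.CreateParameter("@password", adVarChar, _
        adParamInput, 50, Trim(Request.Form("password")))

    Set oRs = oCmd.Execute
    sSessionID = oRs.Fields(0).Value
    oRs.Close
    oCnn.Close
    Set oCmd = Nothing
    Set oCnn = Nothing

    If sSessionID = -1 Then
        sMessage = "username or password invalid"
    Else
        Response.Redirect ("/?id=" & sSessionID)
    End If
Else
    sMessage = " "
End If
%>
<html><head><title>login page</title></head>
<body>
<form method="post" action="login.asp">
<table>
<tr><td colspan="2"><h3>Login Page</h3></td></tr>
<tr><td colspan="2"><% = sMessage %></td></tr>
<tr>
<td>user name</td>
<!-- HTML-encode echoed form values so markup in the input is not rendered -->
<td><input type="text" name="usid"
value="<% = Server.HTMLEncode(Request.Form("usid")) %>"></td>
</tr>
<tr>
<td>password</td>
<td><input type="password" name="password"
value="<% = Server.HTMLEncode(Request.Form("password")) %>"></td>
</tr>
<tr>
<td> </td>
<td><input type="submit" name="cmdSubmit"
value="login"></td>
</tr>
</table>
</form>
</body>
</html>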
The section

    If Len(Request.Form("cmdSubmit")) > 0 Then
        ...
    End If

will be executed when the form is submitted.
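<%
' ADO constants (normally supplied by adovbs.inc)
Const adCmdStoredProc = 4, adVarChar = 200, adParamInput = 1

Dim oCnn, oCmd, oRs, sMessage, sSessionID

If Len(Request.Form("cmdSubmit")) > 0 Then
    Set oCnn = Server.CreateObject("ADODB.Connection")
    oCnn.Open "dsn=myDSN;uid=MyUid;pwd=myPwd;"

    ' Pass the form values to usp_CheckLogin as bound parameters rather than
    ' concatenating them into the SQL text, so quotes in the input stay data.
    Set oCmd = Server.CreateObject("ADODB.Command")
    Set oCmd.ActiveConnection = oCnn
    oCmd.CommandType = adCmdStoredProc
    oCmd.CommandText = "usp_CheckLogin"
    ' The length 50 is an assumption; use the lengths usp_CheckLogin declares.
    oCmd.Parameters.Append oCmd.CreateParameter("@usid", adVarChar, _
        adParamInput, 50, Trim(LCase(Request.Form("usid"))))
    oCmd.Parameters.Append oCmd.CreateParameter("@password", adVarChar, _
        adParamInput, 50, Trim(Request.Form("password")))

    Set oRs = oCmd.Execute
    sSessionID = oRs.Fields(0).Value
    oRs.Close
    oCnn.Close
    Set oCmd = Nothing
    Set oCnn = Nothing

    If sSessionID = -1 Then
        sMessage = "username or password invalid"
    Else
        Response.Redirect ("/?id=" & sSessionID)
    End If
Else
    sMessage = " "
End If
%>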
Again, we establish a connection to the database, and this time pass the form elements "usid" and "password" to the stored procedure usp_CheckLogin.
We store the returned value in a variable called sSessionID and close the connection to the database. If the value of sSessionID is –1, we set a message that will be displayed in the form we just filled out; otherwise we redirect to the home page and tag the querystring("id") with the new sessionID.
More By Rogier Doekes