
Comparing a session value to a querystring

Question posted by: Spoogledrummer (Newbie) on April 24th, 2008 09:20 PM
Hi,

I'm attempting to limit access to a page without creating a whole load of session values and therefore re-writing the page. So I've come up with the following code on a test page.
Code: ( text )
<%@ Language=VBScript %>
<%Option Explicit%>
<%
IF session("Userid")<>request.Querystring("Stu") and session("Userid2")<>request.Querystring("Stu") Then
        response.redirect "../../login/errors/notloggedin.asp"
End if
%>

This in theory should prevent the user from editing the url themselves as if their session value doesn't match the value in the url it should re-direct them to an error. For some reason it's not working though even though that's literally all the code there is on the page.

If I get it to print out the session userid and the url stu value they are the same yet it still redirects me to the error page. What am I missing?
deric
Member
70 Posts
April 25th, 2008
01:12 AM
#2

Re: Comparing a session value to a querystring
How about the Userid2, is it the same as the Stu value?
I'm not sure, but you can try converting the session values to string...

Spoogledrummer
Newbie
21 Posts
April 25th, 2008
02:30 PM
#3

Re: Comparing a session value to a querystring
userid2 would be blank if userid has a value. It's basically 2 different applications sharing the same pages so the user will only ever have one or the other. I'll give the string thing a try. Thanks

deric
Member
70 Posts
April 26th, 2008
03:38 AM
#4

Re: Comparing a session value to a querystring
So that's it.. either of the two conditions should work, so you should use the OR operator and not the AND.
Code: ( text )
IF session("Userid")<>request.Querystring("Stu") OR session("Userid2")<>request.Querystring("Stu") Then

If any one of them is true, then the result is true.
If both are false, then the condition is not satisfied; it will result in false and will not go inside the IF.
Btw, you need not convert them to string.

Spoogledrummer
Newbie
21 Posts
May 8th, 2008
06:48 PM
#5

Re: Comparing a session value to a querystring
Quote:
Originally Posted by deric
So that's it.. either of the two conditions should work, so you should use the OR operator and not the AND.
Code: ( text )
IF session("Userid")<>request.Querystring("Stu") OR session("Userid2")<>request.Querystring("Stu") Then

If any one of them is true, then the result is true.
If both are false, then the condition is not satisfied; it will result in false and will not go inside the IF.
Btw, you need not convert them to string.


Thanks but using OR wouldn't work. The aim is to redirect the user if they try to access a page that doesn't have their userid in the url. So as they will only have either userid or userid2 and the other will always be blank switching it to an or will cause them to be re-directed all the time even when trying to access their own page.
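
Added example, not part of any post in this thread: one way to write the ownership check discussed above so that both sides are compared as strings and an empty Stu is rejected. It assumes the session ids may have been stored as numbers, which nothing in the thread confirms; OwnsRequestedId is a hypothetical helper name.

```vbscript
<%@ Language=VBScript %>
<% Option Explicit %>
<%
' Added example; OwnsRequestedId is a hypothetical helper, not thread code.
'
' Assumption: Session("Userid") may hold a numeric Variant. VBScript orders
' a numeric Variant below a string Variant when both are held in variables,
' so 42 and "42" can print identically and still compare as "not equal".
' Converting both sides to strings removes that subtype mismatch.
Function OwnsRequestedId(requested, sessionId1, sessionId2)
    Dim req
    ' & "" turns Empty, Null and the QueryString item object into a string.
    req = Trim(CStr(requested & ""))

    OwnsRequestedId = False

    ' Fail closed: a missing Stu must never match a missing session value.
    If Len(req) = 0 Then Exit Function

    If StrComp(req, Trim(CStr(sessionId1 & "")), vbBinaryCompare) = 0 Then
        OwnsRequestedId = True
    ElseIf StrComp(req, Trim(CStr(sessionId2 & "")), vbBinaryCompare) = 0 Then
        OwnsRequestedId = True
    End If
End Function

' "Not (matches id1 Or matches id2)" is the same test as
' "differs from id1 And differs from id2".
If Not OwnsRequestedId(Request.QueryString("Stu"), _
                       Session("Userid"), Session("Userid2")) Then
    Response.Redirect "../../login/errors/notloggedin.asp"
End If
%>
```

Keeping the decision in one function lets every page shared by the two applications apply the same rule instead of repeating the comparison inline.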
