Hi All
We have an ASP application which tracks holidays for our employees. When the
user logs in we store thier username in a session variable and use that
variable when displaying and adding data to the access database. The
username is the primary key for the database table.
strUsername = request.form("UserName")
set RS = server.createobject("ADODB.recordset")
MySql="select * from empprofile where empname ='" & strUserName & "'"
RS.Open MYSql, CONN_STRING
if not RS.eof then
session("UserName") = strUserName
session("Email") = RS("Email")
response.redirect("displayholidays.asp")
end if
on the display holidays page I run a query like
Select * from HolidayRequest where Username = '" & session("Username") & "'"
to display the holiday records for that employee.
I have two questions.
1. Is it a good practice to store the username in a session variable to keep
track of who is logged in?
2. Sometimes when a user is logged in for too long without any activity the
session variable clears and when adding or displaying records it gives an
error. What I would like to do is somehow keep a track and if at all the
session variable expires for it to display a message that "You have been
logged off" please login again but logging in again should take the user
back to the page which logged them out.
Many thanks for your help in advance.