What about another 'primitive' solution which assumes that one only needs
'thin' layer of protection prior to a user reaching the page:
Scenario:
A front-end navigation link is loaded with page url data and is sent to a
'pinch pont' login.asp page which checks the users email against the
database.
If found the users page url data is deposited in a page tracking table and
he is sent on his way to his desired page. If he not found, he is forced to
register and then re-login.
This approach means that the target page does not have ANY session or other
processing code...it is all done on the login.asp page which all navigation
links need to go through.
This way, I can send users directly to a web page from my emails without
having them to re-login....
What are your thoughts on this simple process.
Thanks
Jason
"Aaron [SQL Server MVP]" <te*****@dnartreb.noraa> wrote in message
news:OA*************@tk2msftngp13.phx.gbl...
No, unless you want half of AOL's subscriber base to share the same
session. http://www.aspfaq.com/2069
If your users don't trust you enough to allow a session cookie, don't let
them log in. There are kludges, of course (see the cart example in the
above article), but IMHO, they're not worth it...
--
http://www.aspfaq.com/
(Reverse address to reply.)
<ja***@catamaranco.com> wrote in message
news:%2***************@TK2MSFTNGP09.phx.gbl... Phew! Thanks.....I take it that session variables are
problmeatic....what would you suggest is the best way to build a simple, but rich logon
system using asp 3.0 that does not use cookies...it is possible to do this by
IP?
