Mangler wrote on 29 May 2008 in microsoft.public.inetserver.asp.general:
> Here is the process on the site before I ask the question:
> User logs in
> session is created based on username and userid
> user edits a record in the db
> a hidden field with the userid session is inserted in the db to show
> who edited the record

A session is not something that can be inserted, it is not a value.
A session variable value could be put in the database, but why put that in
a [clientside] hidden formfield? [these fields are not exactly hidden to
the user if he wants to see or manipulate it.]
If a user logs in successfully, you can set a session variable to his
usernumber, and use that to put into the database. The user does not have
to know that number, and the number does not have to be outside the server
anyway, as the user is identified by the asp session.id.
[unless the user has even ram cookies switched off,
but then there is no session in the ASP sense.]

> I had a user ( Mike, id -1 ) edit a record today but the userid that
> got inserted was 2 ( Scott ). Mike doesn't know Scott's credentials and
> Scott has never used the PC that Mike is using, matter of fact Scott
> hasn't even logged into the site today.
> can someone help me figure out what might have happened so I can
> correct it?

Either you made a programming error,
[like counting from zero, and later from one],
or someone is making use of your unsafe programming.
--
Evertjan.
The Netherlands.
(Please change the x'es to dots in my emailaddress)
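
Added example, not code from the thread or from either poster: a Classic ASP edit handler that takes the editor's id from the server-side session variable instead of a hidden form field, as the reply above recommends. The page name, the `Application("ConnStr")` connection string, the `records` table and its columns are all assumptions made for illustration.

```vbscript
<%@ Language="VBScript" %>
<%
Option Explicit
' Added example: save_record.asp (hypothetical page name).
' Assumptions: the login code stored the numeric id in Session("userid");
' Application("ConnStr") holds the connection string; the table "records"
' has columns id, title, edited_by. All of these names are made up.

Const adCmdText = 1, adInteger = 3, adVarWChar = 202
Const adParamInput = 1, adExecuteNoRecords = 128

' Weak pattern the thread describes: the editor id comes from the browser.
'   editedBy = Request.Form("userid")   ' the client can send any value

' Hardened: the editor id is read only from server-side session state.
If IsEmpty(Session("userid")) Then
    Response.Redirect "login.asp"       ' no session, no edit
End If

Dim editedBy, recordId, title, cmd
editedBy = CLng(Session("userid"))

' The record id and title still come from the form, so validate them.
If Not IsNumeric(Request.Form("id")) Then
    Response.Status = "400 Bad Request"
    Response.End
End If
recordId = CLng(Request.Form("id"))
title = Left(Request.Form("title"), 200)

' Parameterized UPDATE: form values are bound as data, never concatenated.
Set cmd = Server.CreateObject("ADODB.Command")
cmd.ActiveConnection = Application("ConnStr")
cmd.CommandType = adCmdText
cmd.CommandText = "UPDATE records SET title = ?, edited_by = ? WHERE id = ?"
cmd.Parameters.Append cmd.CreateParameter("title", adVarWChar, adParamInput, 200, title)
cmd.Parameters.Append cmd.CreateParameter("edited_by", adInteger, adParamInput, , editedBy)
cmd.Parameters.Append cmd.CreateParameter("id", adInteger, adParamInput, , recordId)
cmd.Execute , , adExecuteNoRecords
Set cmd = Nothing
%>
```

With this shape the edit form no longer needs a `userid` field at all, so a stale or altered form value cannot change who is recorded as the editor.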