I created a website in ASP 2.0/c# that connects to an Access 2000 database. Currently I have 4 pages that people can view without logging in, which are reports that post marathon race results. Only one maybe two people will actually ever have to log in to enter the race data.
For the login I created a form that asks for user name and password. Then I do a sql query to see if that matches the information in the database. If it does it grabs their role which would be admin.
Here is my code for this: -
protected void Button1_Click(object sender, EventArgs e)
-
{
-
if (txtUser.Text != "" && txtPassword.Text != "")
-
{
-
OleDbConnection conn = new OleDbConnection("Provider=Microsoft.Jet.OLEDB.4.0;data source=" + Server.MapPath("~/App_Data/pfrpc.mdb"));
-
OleDbCommand cmd = new OleDbCommand("select RunnerID, Role from Runner WHERE UserName = @UserName and Pass = @Password", conn);
-
-
cmd.Parameters.Add("@UserName", OleDbType.VarChar, 50);
-
cmd.Parameters["@UserName"].Value = txtUser.Text;
-
cmd.Parameters.Add("@Password", OleDbType.VarChar, 50);
-
cmd.Parameters["@Password"].Value = txtPassword.Text;
-
-
conn.Open();
-
-
OleDbDataReader reader = cmd.ExecuteReader();
-
string test = "";
-
if (reader.Read())
-
{
-
Session["userRole"] = reader["Role"];
-
Session["RunnerID"] = reader["RunnerID"];
-
-
test = Session["userRole"] + "";
-
-
-
if (test == "admin")
-
{
-
Response.Redirect("RaceTimes.aspx");
-
}
-
-
}
-
else
-
{
-
lblError.Text = "Invalid Login";
-
}
-
reader.Close();
-
conn.Close();
-
-
}
-
else
-
{
-
lblError.Text = "You must fill in both the username and password fields";
-
}
-
-
}
-
Once the session variable is equal to admin the other pages become available. By default in all of the admin pages the controls are not visible and if the session variable is equal to admin it will make the items visable. Here is a sample of one of the pages: -
string test = Session["UserRole"] + "";
-
-
//verifies if user logged in
-
-
if (test == "admin")
-
{
-
txtMinutes.Visible = true;
-
txtSeconds.Visible = true;
-
txtYear.Visible = true;
-
ddlBibNum.Visible = true;
-
ddlRace.Visible = true;
-
lblBibNum.Visible = true;
-
lblMinutes.Visible = true;
-
lblSeconds.Visible = true;
-
lblYear.Visible = true;
-
lblRaceNum.Visible = true;
-
btnSave.Visible = true;
-
-
}
-
else
-
{
-
lblError.Text = "You must login to have access to this page!";
-
}
-
Anyways this works on my pc through development but after I put these files on a server (which is on a free hosting server that I am using for testing) it times out really fast. After about 30 seconds to a minute my session loses that it is an admin and the pages tell me that I am not an admin anymore. Any thoughts on this? Are session variables the best way to go in this case? Hopefully I provided enough code for you to have an understanding of what I am trying to do. Any help would be much appreciated!
Thanks!
16 2049 TRScheel 638
Recognized Expert Contributor
Curiously, do you ever set the timeout on the Session?
No, I'm not sure how to do that. Where do I set that? In the web.config?
TRScheel 638
Recognized Expert Contributor
No, I'm not sure how to do that. Where do I set that? In the web.config?
The session object itself should have a timeout property
Plater 7,872
Recognized Expert Expert
No, I'm not sure how to do that. Where do I set that? In the web.config?
Some session timeout settings are in the IIS settings for the web-application itself.
Well I had time to play with it a bit more. It seems that if I stay in the same page and add data (while refreshing and clearing the form after the data is saved)the session doesn't time out. It seems to loose the session variable when I go from page to page. It has to be the way I coded the pages. Any thoughts on this?
Well I have to change that theory again. After more testing I have found that the pages are timing out. It is just the form because visible and I didn't have them to turn back to invisible if the user wasn't an admin.
At least I found one flaw....
I also emailed my host provider to ask about their servers... Lets see what they say. Does anyone have any other suggestion other then session variables?
Plater 7,872
Recognized Expert Expert
Are you set to use "InProc" as your seesion mode?
Umm I'm not sure. I am using what ever is default for session variables. Here is my web.config: -
<?xml version="1.0"?>
-
-
<configuration>
-
<appSettings/>
-
<connectionStrings/>
-
<system.web>
-
-
<pages theme ="purple" />
-
-
<compilation debug="true"/>
-
-
<authentication mode="Windows"/>
-
-
-
-
<siteMap defaultProvider="AspNetXmlSiteMapProvider" enabled="true">
-
-
<providers>
-
-
<add siteMapFile="~\web.sitemap" name="MyXmlSiteMapProvider" type="System.Web.XmlSiteMapProvider"/>
-
<add siteMapFile="~\web2.sitemap" name="MyXmlSiteMapProvider2" type="System.Web.XmlSiteMapProvider"/>
-
</providers>
-
-
</siteMap>
-
-
-
</system.web>
-
</configuration>
Frinavale 9,735
Recognized Expert Moderator Expert
Anyways this works on my pc through development but after I put these files on a server (which is on a free hosting server that I am using for testing) it times out really fast. After about 30 seconds to a minute my session loses that it is an admin and the pages tell me that I am not an admin anymore. Any thoughts on this? Are session variables the best way to go in this case? Hopefully I provided enough code for you to have an understanding of what I am trying to do. Any help would be much appreciated!
Thanks!
I know this wont help you to understand your Session Time out issues....
But Since you've ask if Session variables are the best way to go in this case I'm going to suggest you use something completely different.
Since you're using .NET 2.0 framework there are tools available to you that simplify the user authentication and authorization process.
Check out this video first.
Then I'd suggest looking into the information provided by MSDN on the following:
The video was taken from a website that contains a lot of useful information on the topic: this website is found here.
I hope this helps you out!
-Frinny
Sign in to post your reply or Sign up for a free account.
Similar topics |
by: Larry Woods |
last post by:
I have a site that works fine for days, then suddenly, I start getting ASP
0115 errors with an indication that session variables IN SEPARATE SESSIONS
have disappeared!
First, for background information, I have a customized 500-100 page that
sends the value of various session variables via email to my support site.
The situation:
On the home page of the site, the FIRST THING that is done is a Session
|
by: Al Jones |
last post by:
This is a repost form the vbscript newgroup - if this isn't the appropriate
group would you point me toward one that is.
Basically, I seem to be losing session data part way though preparing an
email from (possibly) three seperate forms.
the following code is the end of a routine which stashes data from the first
form
off to session variables and then redirects itself to the proper form /
procedure depending upon the state of two...
|
by: Paul H |
last post by:
Hi there
I'm having a problem where I'm losing Session variables as soon as they've
been set up.
The user logs onto the system, the system sets some Session variables, and
redirects to a menu page. The menu page checks the Session variables, can't
find them, and asks the user to log in again - the second login is successful.
Has anyone seen this before, and do you know what I should do about it?
|
by: bennett |
last post by:
In the web.config file for my application, in the <sessionState>
section I have set timeout="120" (in minutes), but session state
variables in my application seem to be expiring in about 5 minutes.
Any idea what could cause this?
I have the mode="InProc" attribute set for <sessionState>. I know that
some people have solved the problem of session variables timing out too
quickly by changing that attribute, but I cannot use...
|
by: tshad |
last post by:
I have been using the default session state (InProc) and have found that I
have been loosing my information after a period of time (normally 20
minutes).
Is there anyway to find out how much more time I have on a session?
If I do a refresh, does reset the session clock?
Do you have have to go to another page to reset the session timeout or will
a postback also do it? This is important as we have a few pages that a user
| |
by: Phillip N Rounds |
last post by:
I'm writing a user control which has two states: Active & InActive. I
additionally am required that there to be only one active control per page,
and all logic has to be contained within the control.
In its inactive state, only a single button appears. If the user clicks on
this button, the control becomes active( the rest of the control's
functionality becomes visible), and all other instances of this user control
on the page should...
|
by: Not Me |
last post by:
Hi,
I have a set of pages that use forms authentication for access. There
are times when one of the session objects I'm using appears to
disappear. The session is not timing out, however. (if I go to a page
that doesn't use that specific object it works fine and I'm not
redirected to the login page)
Apologies if I'm using the incorrect terminology.. the session object
I'm using is a class of my own, which features several private...
|
by: MrHelpMe |
last post by:
Hello again all,
I've finished my whole application and now I don't like the whole
session variables that I am using. I have a form, user fills in info
clicks submit and using CDOSYSMail an email link gets created with an
encoded query string. i.e
http://www.yahoo.ca?#$@%@&#%#$@&^@%# which translates into
http://www.yahoo.ca?userID=54&LocationID=Denver.
Now when the user get's this email and clicks on the link I have a
|
by: Nathan Sokalski |
last post by:
I have a page that uses Session variables when generating the SQL statements
used to submit and retrieve data from a database. However, because I don't
know how long the user will be on the page, setting the Session.Timeout
property doesn't help me avoid errors (I can obviously set the value to a
very high value, but that still doesn't completely solve the problem). Is
there any way for me to avoid the Session timing out? Thanks.
--...
|
by: Hystou |
last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can effortlessly switch the default language on Windows 10 without reinstalling. I'll walk you through it.
First, let's disable language synchronization. With a Microsoft account, language settings sync across devices. To prevent any complications,...
|
by: Oralloy |
last post by:
Hello folks,
I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>".
The problem is that using the GNU compilers, it seems that the internal comparison operator "<=>" tries to promote arguments from unsigned to signed.
This is as boiled down as I can make it.
Here is my compilation command:
g++-12 -std=c++20 -Wnarrowing bit_field.cpp
Here is the code in...
| |
by: jinu1996 |
last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven tapestry of website design and digital marketing. It's not merely about having a website; it's about crafting an immersive digital experience that captivates audiences and drives business growth.
The Art of Business Website Design
Your website is...
|
by: tracyyun |
last post by:
Dear forum friends,
With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each protocol has its own unique characteristics and advantages, but as a user who is planning to build a smart home system, I am a bit confused by the choice of these technologies. I'm particularly interested in Zigbee because I've heard it does some...
|
by: isladogs |
last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM).
In this session, we are pleased to welcome a new presenter, Adolph Dupré who will be discussing some powerful techniques for using class modules.
He will explain when you may want to use classes instead of User Defined Types (UDT). For example, to manage the data in unbound forms.
Adolph will...
|
by: conductexam |
last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and then checking html paragraph one by one.
At the time of converting from word file to html my equations which are in the word document file was convert into image.
Globals.ThisAddIn.Application.ActiveDocument.Select();...
|
by: 6302768590 |
last post by:
Hai team
i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated we have to send another system
|
by: muto222 |
last post by:
How can i add a mobile payment intergratation into php mysql website.
| |
by: bsmnconsultancy |
last post by:
In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence can significantly impact your brand's success. BSMN Consultancy, a leader in Website Development in Toronto offers valuable insights into creating effective websites that not only look great but also perform exceptionally well. In this comprehensive...
| |