Easy user Access control in ASP (1)

The usual way to pass parameters between pages in a site is through a URL query string, or by setting a hidden field in the form. Two other popular methods are using cookies, or using ASP session variables. In this article, we will discuss how to use cookies and session variables to manage user access to site pages.

Use cookies to track visitors
The traditional way to track visitors ' access to a page is to use Cookies,cookie, a text file that is stored on the computer at one end of the user, which is sent to the server when the user accesses the corresponding domain. As a basic application, cookies are used as a means of authenticating and distinguishing registered users when the user accesses the site again, without requiring them to re-enter the registration information. Similarly, you can use cookies to save some of the settings that the user used to visit the site.
Using cookies in ASP is very simple, you can use the Request object's cookies collection to retrieve all the cookies stored on the client, and then use the Response object's cookies collection to create or modify the cookie value, and save to the client.
Like many objects in an ASP, a cookie can be a member of a collection, and it can be a collection itself. Creating a single cookie is very simple, and the code is as follows:
Response.Cookies ("item-name") = "Item-value"
Create a cookie that contains more than one numeric value, and the code is:
Response.Cookies ("Item-name") ("sub-item-name") = "Sub-item-value"
Set the domain properties of the cookie, the path properties, and the usage expiration time, and the related code is:
Response.Cookies ("Item-name"). Domain = "Domain-url"
Response.Cookies ("Item-name"). Path = "Virtual-path"
Response.Cookies ("Item-name"). expires = #date #
The following example creates a cookie selection on the browser side, noting that cookies must be created before the browser prints any information because they are part of the HTTP headers:
〈 %
Response.Cookies ("Simplecookie") = "Simpleexample"
Response.Cookies ("Compoundcookie") ("Value1") = "Value1" Response.Cookies ("Compoundcookie") ("Value2") = "Value2"
Response.Cookies ("Timedcookie") = "Timedexample"
Response.Cookies ("Timedcookie"). Path = "/" Apply to our entire site response.cookies ("Timedcookie"). expires = #10/10/ 2005#
% 〉
〈html〉
〈body〉
...
〈/body〉
〈/html〉
Read cookies
You can read the entire contents of all cookies by using the request object and traversing the cookie collection. If some cookies contain multiple values, they are output by traversing the collection of the cookie itself.
〈html〉
〈head〉〈title〉reading the Cookie collection〈/title〉〈/head〉
〈body〉
〈b〉the contents of your Cookies are:〈/b〉〈p〉
〈table cellpadding=0 cellspacing=0〉
〈 ％
For each Item in Request.Cookies
If request.cookies (Item). HasKeys Then
Use another for ... Each to iterate this collection
For each itemkey in Request.Cookies (Item)
Response.Write Item & "(" & Itemkey & ") =" _
& Request.Cookies (Item) (Itemkey) & "〈br〉"
Next
Else
Print the complete cookie string as normal
Response.Write Item & "=" & Request.Cookies (item) & "〈br〉"
End If
Next
%〉〈/table〉
〈/body〉
〈/html〉
The following illustration shows the results of executing the code above. However, when you close the browser and reopen it now, run the code again, except all the values that Timecookie thinks are gone. This is because only Timecookie sets the use expiration time, and the rest automatically disappears when the browser is closed.

Here's a discussion of how to use cookies to save login information and see how to use cookie values between ASP pages. Keep in mind, however, that cookies are sent only to sites that have the same path as the previous access, which means that the cookie will take effect in the context of the initial setting. If you do not set the Path property for the cookie, its value defaults to the virtual path it was created in.
Here is an example of saving login information to a cookie. The cookie does not exist when the current user session ends because there is no "use due time" set.
...
Response.Cookies ("User") ("v1") = "〈% = Request (" v1 ")%〉" username response.cookies ("user") ("v2") = "〈% = Request (" v2 ") %〉 "Password response.cookies (" User "). Path ="/adminstuff "Apply to admin pages
...
You can now look for this cookie on every page that the user requests, and redirect the user to the login page if it isn't found:
...
If (Request.Cookies ("User") ("v1") 〈〉 "Alexhomer") _
Or (Request.Cookies ("User") ("v2") 〈〉 "secret") Then
Response.Redirect "default.asp?nogood=yes&v1=" & Request.Cookies ("User") ("v1")
End If
...
Using ASP session variables to track audiences
In addition to using cookies, we can make full use of the session variables in ASP. We can save the values in the user session variable, so long as the session variable is active, the saved values can be exploited. Typically, these session variables will remain for 20 minutes after the user requests the page last, unless we explicitly release the session variables using the Session.Abandon method. At the same time, you can set this expiration time using the Session.Timeout property in the ASP script.
Using session variables to track visitors is more secure than using cookies because the contents of a user's sessions variable are not passed on the network as page requests. In addition to the initial login, the username and password (or any numeric value) are kept on the server. We can differentiate and authenticate visitors and keep their login information in their own session object. When a visitor is required to authenticate, the information is taken from their own session object. For example, the following code is added to the page submitted by the user after logging in:
...
Session ("UserName") = Request ("v1") UserName the From logon dialog form
Session ("Password") = Request ("v2") Password the From logon dialog form
...
Then, when you need to authenticate the visitor, find the cookies and retrieve the username and password from them:
...
If (Session ("UserName") 〈〉 "Alexhomer") _
Or (Session ("Password") 〈〉 "secret") Then
Response.Redirect "Default.asp?nogood=yes&v1=" & Session ("UserName")
End If
...