A Web site has many pages, and if the user knows a link to a page, it can be accessed directly in the browser by entering the URL. However, this is not allowed on a site that requires security. We require users to be logged in to access all levels of the page, and sometimes they do want users to always see the site's home page first. These two requirements can be implemented by programming the session object in the ASP's Global.asa.
1. Users must start browsing from the homepage
If you only want users to visit the site home page each time they go to the station, you can add Response.Redirect "url" to the Session_OnStart event in the session. For example, the following code is available in Global.asa:
Sub Session-onstart
Response.redirect″netdoctor.yeah.net″
End Sub
When a user accesses a site, a connection fires the session's OnStart event, so no matter what URL the user enters in the browser on the site, the redirect command in the OnStart event shifts to the specified page.
2. Must be authenticated user to browse
For sites with security requirements, if an intranet user, you can combine authentication with NT user authentication, and simply set NTFS user permissions on the specified directory, and the validation window automatically pops up when the user accesses it. This validation does not need to be implemented using ASP programming.
The reality is that we do not have a large number of Internet users to join the domain users, generally using a database to manage user names and passwords, by the ASP program from the Web page to obtain user names and passwords to the library to find verification. If a user knows the directory structure of the site, it is possible to enter the URL of a page directly to bypass the login verification interface. In this way, login security is not a fake.
As mentioned earlier, a user is connected to the site and a Session-onstart event is raised, so we can force it to turn to the login page here. The code in Global.asa is as follows:
Sub Session-onstart
Response.redirect″login.asp″
End Sub
3. Analysis and explanation
Friends can note that the above two pieces of code are actually the same. However, for 2 of the situation, although a visit to the login page, but at this time the session of the OnStart event has ended, if you enter the specified URL, you can bypass security detection.
My solution now is to add the following code in front of each ASP page to achieve the above function:
〈%
If session (″userid″) =″″then
Response.redirect″login.asp″
End If
%〉
Where the session variable is a variable that takes effect throughout the process after the user has logged in, as in Login.asp, using the following code:
If Checkpwdok () then
Session (″userid″) =request (″userid″)
End If
However, this approach should be handled on every page of the site. For the ASP page to do so can also, the HTML page file is powerless. Therefore, this article in this paper, I hope to have friends to propose a better way.
The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion;
products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the
content of the page makes you feel confusing, please write us an email, we will handle the problem
within 5 days after receiving your email.
If you find any instances of plagiarism from the community, please send an email to:
info-contact@alibabacloud.com
and provide relevant evidence. A staff member will contact you within 5 working days.
