Trevor Passell
Reputation: 91
restrict access to a .net page without a valid session vb.net
I currently have a login page login.aspx that copies "affID" into a session and uses it on another page dashboard.aspx
login.aspx file looks like this :
Dim Query As String
Query = "select * from mdxmain.taffiliate where affID = '" & username.Text & "' and affPassword = '" & password.Text & "'"
COMMAND = New MySqlCommand(Query, MysqlConn)
Session("affID") = username.Text
READER = COMMAND.ExecuteReader
Dim count As Integer
count = 0
While READER.Read
count = count + 1
End While
If count = 1 Then
Response.Redirect("dashboard.aspx")
Else
Literal1.Text = "Invalid credentials"
End If
MysqlConn.Close()
Finally
End Try
MysqlConn.Dispose()
dashboard.aspx session load file looks like this :
Dim userid As String = HttpContext.Current.Session("affID")
I need help with not allowing access to the dashboard.aspx file without having a valid session. Also how to timeout the session after 2minutes
Upvotes: 0
Views: 75
Answers (1)
Rick S
Reputation: 6586
In your dashboard page_load event, check if the session variable is nothing, if it is, then redirect to your login page.
Protected Sub Page_Load(sender As Object, e As EventArgs) Handles Me.Load
Dim userid As String = HttpContext.Current.Session("affID")
if ( userid is Nothing) then
Response.Redirect("login.aspx")
end if
End Sub
Update For the timeout there is some good information here
Upvotes: 1
Related Questions
- Require logging in to view page
- Restrict user access using session - ASP.NET
- Session check deny page access ASP.NET
- restrict access to the users
- Implement multilogin restriction in Asp.net
- How to deny direct access to page
- how to secure a single aspx page in asp.net website
- vb.net login access control
- Preventing non-logged in members from accessing a certain page
- bypass a page based on condition