Can anybody tell me how to use Session to authenticate user when they login , so that they can go to different pages (according to their levels, ex : webadmin, user)
Thx
:confused:

Are you using a database to find the users authentication level?
If so then the code will look like this.

---Set a session---
UserLevel = recordset("User_Level")
If UserLevel <> "" AND UserLevel > "0" THEN
UserLevel = cint(UserLevel)
END IF
Session("UserLevel") = UserLevel

---Grab session and redirect---
if session("UserLevel") = 1 THEN
response.redirect("URL1.asp")
ELSEIF session("UserLevel") = 2 THEN
response.redirect("URL2.asp")
ELSEIF session("UserLevel") = 3 THEN
response.redirect("URL3.asp")
ELSE
response.redirect("URL0.asp")
END IF

here is the logic:

you have a table called users(username,password,previliges)

when the user submits your login form you look for the username and password in the database.
then you create a session varriable that holds the previlliges

username = trim(request.form("username"))
password = trim(request.Form("password"))
if username <> "" and password <> "" then
set rs = con.execute("select * from users where username ='"&username&"' and password='"& password&"'")
if not rs.eof then
session("privilege")= rs("privilege")

response.Redirect("thenextpage.asp")
else
response.Redirect("login.asp")
end if

end if

on the next page you can use a select statment like this:

<%
privilege =session("privilege")
select case(privilege)
case "admin"

'present page with admin previlliges

case "visitor"

'present page with visitor menu only


end select
%>

this is one way of doing it.

Thanks Amir and fryre
... it works... ^^

uhmm...
another question ...

after I enter the session, how can I logout from the session (using Session.Abandon? or set Session.TimeOut? or else?)
if I want such this result :

<a href="login.html">Back</a>

After I click on "Back", it will return to login.html,
(this page is splitted into 2 frames, "Back" is in "menu" frame)

Thx

This looks good!! I'm trying to do something like this but on the different pages I make secure I add these lines.

If Session("blnIsUserGood") = False or IsNull(Session("blnIsUserGood")) = True then
Response.Redirect"logoff.asp"

But if a user knows the name and path of some of my other pages once they are loged in they can just type them in as this does nothing for the session User access level. So if a user has an access level of 1 or 2 or 3 or whatever, they can just type in the path and page of any other access levels and see the pages.
The above statement is what my login uses to secure the pages with. I also have this line.

Session("UserStatus") = ("UserStatus")

I get redirected by the proper Userstatus level but can't figure out how to add the userstatus to the different pages. Something like this... maybe...

If Session("blnIsUserGood") = False or IsNull(Session("blnIsUserGood")) = True or Session("userstatus") <> 1 then
Response.Redirect"logoff.asp"

:think:

Originally posted by amir
here is the logic:

you have a table called users(username,password,previliges)

when the user submits your login form you look for the username and password in the database.
then you create a session varriable that holds the previlliges

username = trim(request.form("username"))
password = trim(request.Form("password"))
if username <> "" and password <> "" then
set rs = con.execute("select * from users where username ='"&username&"' and password='"& password&"'")
if not rs.eof then
session("privilege")= rs("privilege")

response.Redirect("thenextpage.asp")
else
response.Redirect("login.asp")
end if

end if

on the next page you can use a select statment like this:

<%
privilege =session("privilege")
select case(privilege)
case "admin"

'present page with admin previlliges

case "visitor"

'present page with visitor menu only


end select
%>

this is one way of doing it.

Here is a rather extensive tutorial on that:

http://www.developerfusion.com/show/1744/1/

HTH
Frank

That is a nice tutorial but doesn't have alot to do with the different access levels. I'm trying to keep say access level 1 form seeing level 3 or say level 5 from seeing level 1. I'm looking for something to add to the top of my page that will only let level 1 see level 1 and level 2 only on level 2's page and so on.
This is the script I use now at the top of the pages and works except for the exat level of a user.

If Session("blnIsUserGood") = False or IsNull(Session("blnIsUserGood")) = True then
Response.Redirect"logoff.asp"

Originally posted by Frank
Here is a rather extensive tutorial on that:

http://www.developerfusion.com/show/1744/1/

HTH
Frank