Address bar URL question
When a user is logged in, for example on their profile, they can change the username in the URL and can view other users' profiles and read their messages. For example,
profile.asp?user=username
Can sessions correct this?
Greg K posted this at 22:17 — 28th August 2007.
He has: 2,145 posts
Joined: Nov 2003
Yes, it can if set up properly. Do a Google search for "ASP session login tutorial" and you will be able to find tons of them.
The main concept is that each page verifies the username/password that are stored in the session to validate the user before any access is given. Note that, for security purposes, you do NOT use the plain text version of the password in the session.
-Greg
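An added example, not part of the thread or of Greg K's post: one way profile.asp can take the identity from the session instead of from the `user` query-string value. It assumes a login page (not shown) that stores the verified account name in `Session("username")`; `login.asp`, the `messages` table, its columns and the `ConnString` application setting are hypothetical names.

```asp
<%@ Language="VBScript" %>
<%
Option Explicit
' Added example. Assumes login.asp (hypothetical) ran, after verifying the
' password:  Session("username") = <verified account name>
' Table/column names and Application("ConnString") are hypothetical.

Dim sessionUser, requestedUser
sessionUser   = Session("username")           ' stored server-side, not editable by the client
requestedUser = Request.QueryString("user")   ' client-controlled, untrusted

' 1. No authenticated session: send the browser to the login page.
'    Response.Redirect also ends processing of this page.
If IsEmpty(sessionUser) Or sessionUser = "" Then
    Response.Redirect "login.asp"
End If

' 2. The flawed pattern loads whatever name appears in ?user=.
'    Here a request naming a different account is refused outright.
If requestedUser <> "" And StrComp(requestedUser, sessionUser, vbTextCompare) <> 0 Then
    Response.Status = "403 Forbidden"
    Response.Write "Not authorised."
    Response.End
End If

' 3. Query using the session identity only, passed as a bound parameter.
Const adCmdText = 1, adVarWChar = 202, adParamInput = 1
Dim conn, cmd, rs
Set conn = Server.CreateObject("ADODB.Connection")
conn.Open Application("ConnString")
Set cmd = Server.CreateObject("ADODB.Command")
Set cmd.ActiveConnection = conn
cmd.CommandType = adCmdText
cmd.CommandText = "SELECT subject, body FROM messages WHERE recipient = ?"
cmd.Parameters.Append cmd.CreateParameter("recipient", adVarWChar, adParamInput, 50, sessionUser)
Set rs = cmd.Execute

' 4. Encode on output so stored message text cannot inject markup.
Do Until rs.EOF
    Response.Write "<h3>" & Server.HTMLEncode(rs("subject") & "") & "</h3>"
    Response.Write "<p>" & Server.HTMLEncode(rs("body") & "") & "</p>"
    rs.MoveNext
Loop
rs.Close : conn.Close
%>
```

The same session check belongs at the top of every page that returns per-user data, since each page is reachable directly by URL.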