From: Dan Thompson on 7 Dec 2009 13:29 Hello I am still quite new to ASP and I am wondering if anyone can help ? I am trying to write a ASP script to put into my website that will generate a random and unique Session ID that is stored in a cookie on the clients end for the duration of time they are logged into my website. Can anyone provide me with a simple ASP script to do this or at least provide some insight on how to go about doing this ? Dan Thompson
From: Evertjan. on 7 Dec 2009 13:46 =?Utf-8?B?RGFuIFRob21wc29u?= wrote on 07 dec 2009 in microsoft.public.inetserver.asp.general: > Hello I am still quite new to ASP and I am wondering if anyone can > help ? I am trying to write a ASP script to put into my website that > will generate a random and unique Session ID that is stored in a > cookie on the clients end for the duration of time they are logged > into my website. Can anyone provide me with a simple ASP script to do > this or at least provide some insight on how to go about doing this ? ASP will do this by itself. <% Response.Write Session.SessionID %> -- Evertjan. The Netherlands. (Please change the x'es to dots in my emailaddress)
From: Dan Thompson on 7 Dec 2009 14:19 I thought I would clarify more what I am looking for so here is the deal. I already have a Login.asp page where the user can type in login information then I have a verify.asp page that verify's the user login info with the username and password information in MySQL database. The problem is I need a unique user ID and I could just use some sort of random user ID number generator function into MySQL as a primary key (userID) but once the number has been generated for new user that has been added to MySQL database that user ID is going to be the same for as long as the user exists in the database. I would much rather just have my verify page verify that the username and password are correct and than have ASP assign a session ID to that user for the duration that they are on my website that way it is more secure and less likely that someone could guess the URL as the session ID number would only be valid for the duration that the proper user is logged into the site and would be a different number the next time that same user log's into the site. Please can anyone help with this question ? Dan Thompson "Dan Thompson" wrote: > Hello I am still quite new to ASP and I am wondering if anyone can help ? > I am trying to write a ASP script to put into my website that will generate > a random and unique Session ID that is stored in a cookie on the clients end > for the duration of time they are logged into my website. Can anyone provide > me with a simple ASP script to do this or at least provide some insight on > how to go about doing this ? > > Dan Thompson
From: Evertjan. on 7 Dec 2009 16:14 =?Utf-8?B?RGFuIFRob21wc29u?= wrote on 07 dec 2009 in microsoft.public.inetserver.asp.general: > I thought I would clarify more what I am looking for so here is the > deal. > > I already have a Login.asp page where the user can type in login > information then I have a verify.asp page that verify's the user login > info with the username and password information in MySQL database. > The problem is I need a unique user ID and I could just use some sort > of random user ID number generator function into MySQL as a primary > key (userID) but once the number has been generated for new user that > has been added to MySQL database that user ID is going to be the same > for as long as the user exists in the database. > I would much rather just have my verify page verify that the username > and password are correct and than have ASP assign a session ID to that > user for the duration that they are on my website that way it is more > secure and less likely that someone could guess the URL as the session > ID number would only be valid for the duration that the proper user is > logged into the site and would be a different number the next time > that same user log's into the site. > > Please can anyone help with this question ? As I told you, the session.id is unique and available during the whole session. I do not see the problem that the user also has his unique serial nmber in your database, you can just assign that nummber to a session variable, that is not available to the outside world, but uniquely identifies your user during a single or multiple sessions. Ofcourse, you should not use that number as a determinant for the session in a querystring or post data. That is where session cookies come in to hold the Session.id value. Are you afraid of cookies, perhaps? -- Evertjan. The Netherlands. (Please change the x'es to dots in my emailaddress)
From: Neil Gould on 8 Dec 2009 07:51 Hi Dan, Dan Thompson wrote: > I thought I would clarify more what I am looking for so here is the > deal. > > I already have a Login.asp page where the user can type in login > information then I have a verify.asp page that verify's the user > login info with the username and password information in MySQL > database. > The problem is I need a unique user ID and I could just use some sort > of random user ID number generator function into MySQL as a primary > key (userID) but once the number has been generated for new user that > has been added to MySQL database that user ID is going to be the same > for as long as the user exists in the database. > I would much rather just have my verify page verify that the username > and password are correct and than have ASP assign a session ID to > that user for the duration that they are on my website that way it is > more secure and less likely that someone could guess the URL as the > session ID number would only be valid for the duration that the > proper user is logged into the site and would be a different number > the next time that same user log's into the site. > > Please can anyone help with this question ? > > Dan Thompson > Every ASP session generates a unique session ID, as Evertjan has pointed out. However, for what you've said you're trying to accomplish, I doubt that the session ID would be of use, because a unique ID is generated every time a user logs in, and it is used only to track that specific session, so it would have no value as a validator in a cookie. OTOH, a unique user ID that is assigned when the user is initially added to the database can be accessed during log in to track other activities. Typically, this will be a key field to make searches faster, and is useful as a way to build entries in a related table, for example for logging orders or such. As you may guess, this leads to a host of other issues regarding the structure of relational databases that is unrelated to the issue of security. There is a lot of information about this on the web, and if you narrow your concerns a bit, a google search will provide you with a lot of reading material. Best, Neil
|
Next
|
Last
Pages: 1 2 Prev: Get "Comments" from File property on ASP web page Next: Preventing bots? |