Hi everyone,

Can anyone tell me how you can stop users from URL Hacking your website with ASP (sessions)?
So for example if you have a password and username form on the front of your website and only want authorised members to gain access to your web site.

So for example just say you had a page e.g: somepage.htm and a user who was not logged in types www.somesite.com/somepage.htm. How can you stop them from getting access to the that page if they are not logged in?

P.S: Do you have any sample code?

Please help,

Jay.

<%
Dim lgn,pas ' Login name & Pasword
lgn=cstr(Request("login"))
pas=cstr(REquest("pass"))
if ((lgn="login") AND (pas="123")) then 
  session("admin") = True
  response.Redirect("somepage.asp")
end if
 
'now if the user have not logged in then 
if NOT(session("admin")) then Response.Redirect("NoAccess.asp")
%>

The simplest code will look like this.

Hi Jay,

Did you manage to solve the URL hacking problem? I have the same situation and would really appreciate it if you could let me know how you got around it.

Thanks,
Tony

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.