>Correction
>
>Working on an organizational web site. Certain pages that require login, which I include this line at the top of the page
>
>#INCLUDE file="security.asp"
>
>the ‘security.asp’ page checks to see if the CusKey (customer account) session variable is set or not. If not displays the login screen or it continues on with the original page.
>
>It works great unless you pass a parameter the page like: events.asp?staff=1
>Events.asp has the #INCLUDE file="security.asp"
>
>At that point the request.querystring does not see the ?staff=1
>
>session("staffkey")=request.querystring("staff")
>
>How can I capture the parameter ?staff=1
The syntax seems to be ok. The problem that I see with your approach is that it will be too easy to bypass your login screen by typing this request on the address line.
Précédent
Suivant
Répondre
Voir le fil de ce thread
Voir le fil de ce thread à partir de ce message seulement
Voir tous les messages de ce thread
Voir tous les messages de ce thread à partir de ce message seulement