Session

To set a session:

session("x") = "John"

"x" is sesseion's name, and "John" is session's value. You can replace them with anything.

To get a session:

response.write session("x")

If you already set a value "John" for the session, then the output is "John".

You can use session to track users. For example, you can set sessions in second.asp to track user name and password:

<%
u=request("user")
p=request("pass")

session("user")=u
session("pass")=p
%>

To protect a client page from other users, we can use Session and Redirect. Let's add two lines in second.asp and modify it as:

<%
u=request("user")
p=request("pass")

session("user")=u
session("pass")=p

if ((u="John") and (p="John123")) then
response.redirect "john.asp"
elseif ((u="Mike") and (p="Mike456")) then
response.redirect "mike.asp"
elseif ((u="Joe") and (p="Joe789")) then
response.redirect "joe.asp"
else response.write "<html><body>Sorry, invalid login</body></html>"
end if
%>

Let's modify john.asp. Add the following code on the top of the page:

<%
u=session("user")
p=session("pass")
if ((u="John") and (p="John123")) then

else
response.redirect "first.asp"
end if
%>

<html>
<body>
John's Web page.
</body>
</html>

The basic idea in the above session tracking is that, when an user enter an user name and a password in first.asp, the query strings are passed to second.asp where ASP sets session("user") and session("pass") with the value of the user name and password. The sessions can be retriaved in the following page john.asp. If in john.asp, you can get values of the session("user") and session("pass"), and the values match what you defined: "John" and "John123", then the page open, otherwise, you will be redirected to another page.

Test john.asp. Open a new web browser, typing: http://127.0.0.1/john.asp. Since there are no sessions of user name and password, the page will redirect you to first.asp. So as you can see, only the user who entered the correct user name and password can open the page.

↓