I'm using a session variable to store a userid to be used in my application. The userid is pulled at the top of each page, like so:
I had previously passed most of my information in a querystring (the page was imbedded in a frame so the querystring wasn't obviously noticed by the users) However, I wanted to set it up with a session variable so that users wouldn't be able to figure out how to manipulate the querystring and get into pages they don't have access to. The first check is to count the session variables to make sure that the users have indeed logged in and a session variable exists. This works fine..... until a user gets up and walks away from the machine for 30 mins. At this time the session variable seems to time out and lose it's value, however Session.Contents.Count does not decrease itself by one when the value times out. So, even though a value doesn't exist for userid, the initial check isn't evaluated correctly, and all SQL queries ran for my userid have a value of "undefined". I know instead of checking Session.Contents.Count I could check to see if (userid == "undefined") after the value is pulled, but is there a better way to do this?
I'm using server side JScript by the way.... not VBScript.
-kaht
Code:
var loggedIn = Session.Contents.Count;
if (!loggedIn) {
Response.Write("<body style='background-color : #0000a0; color : #ffffff; font-size : 20pt; font-family : serif'>\n");
Response.Write("<center><u>You cannot access this page.</u></center><br>\n");
Response.Write("<center>Either your session timed out or you have not logged in.</center><br>\n");
Response.Write("<center>To access Vacation Planner return to the Logon Screen</center><br>\n");
Response.Write("<center><input type=button style='color : #FFFFFF;background-color: #0000A0; cursor : hand' onclick='javascript:window.location=\"login.html\";' value='Logon Screen'></center>\n");
Response.Write("</body>");
Response.End;
}
var userid = String(Session("userid"));I'm using server side JScript by the way.... not VBScript.
-kaht
