Skip to main content
A
Anonymous
November 17, 2009
Question

Login session variable? (ASP)

  • November 17, 2009
  • 1 reply
  • 685 views

I have a cart and if the customer has already logged in , I don't want to require them to login every time they hit the cart page within one session.

I'm can't remember which Session is used to register that the login was successful and what the variable would be.

I tried "MM_grantAccess" = true but that doen't quite work (only works if false)

Would "MM_UserAuthorization" work? What would the variable be?  Below are what

Anyways, I need something on the login page and if they've already login, they get forwarded to the prescribed page. If not logged in, they stay on the login page.

<%
' *** Restrict Access To Page: Grant or deny access to this page
MM_authorizedUsers=""
MM_authFailedURL="login.asp"
MM_grantAccess=false
If Session("MM_Username") <> "" Then
  If (true Or CStr(Session("MM_UserAuthorization"))="") Or _
         (InStr(1,MM_authorizedUsers,Session("MM_UserAuthorization"))>=1) Then
    MM_grantAccess = true
  End If
End If
If Not MM_grantAccess Then
  MM_qsChar = "?"
  If (InStr(1,MM_authFailedURL,"?") >= 1) Then MM_qsChar = "&"
  MM_referrer = Request.ServerVariables("URL")
  if (Len(Request.QueryString()) > 0) Then MM_referrer = MM_referrer & "?" & Request.QueryString()
  MM_authFailedURL = MM_authFailedURL & MM_qsChar & "accessdenied=" & Server.URLEncode(MM_referrer)
  Response.Redirect(MM_authFailedURL)
End If
%>

Perhaps if someone here could explain what this does? Specifically, it's the (true Or CStr... bit and the (InStr(1,MM_author... parts that bother me.

If (true Or CStr(Session("MM_UserAuthorization"))="") Or _
         (InStr(1,MM_authorizedUsers,Session("MM_UserAuthorization"))>=1) Then
    MM_grantAccess = true
This topic has been closed for replies.

1 reply

B
bregent
Participating Frequently
November 17, 2009

In boolean logic, true,  or'd with anything will always evaluate to true. So you can effectively ignore the value of MM_UserAuthorization session variable. As long as the MM_Username session variable is not the empty string, the IF statement will be true and so MM_grantAccess will also be true.

IIRC,  MM_UserAuthorization is only used when you use the access level option in the server behavior. If not selected, DW inserts the "true" literal so it will always evaluate true, otherwise it inserts the "false" literal.

I'm not exactly clear on what you are trying to do, but the way to check if a user is logged in is to simply test the MM_Username session variablefor the empty string. If it's not empty, the user has a valid session.

Terms & ConditionsAccessibility statement
Using the community Terms of use Privacy Cookie preferences Do not sell or share my personal information ad choicesAdChoices