question about MM_Username and Restrict Access to Page

Report · Nov 18, 2006

Hi,

Quick clarification required...
The Restrict Access to Page behaviour, as far as I can see in the code,
checks to see if value Session("MM_Username") exists. If it is blank, it
doesn't allow access.

What would happen though if someone logged into a site that uses the Login
User behaviour, thus creating the MM_Username session, then left that site,
within the same browser, and immediately tried to access a page on another
site that has the Restrict Access to Page behaviour. Because the
MM_Username session exists, would they be given access to this page, despite
it being on a different site?

I've not set up two sites to try this, but I did try this within a
subdirectory of one site and it allowed access to both areas, which is why I
ask.

Cheers
nath.

Report · Nov 18, 2006

Session variables are specific to the website domain, e.g. A session
variable set on www.website1.com cannot be used on www.domain1.com.
So your Session("MM_Username") which is set on your website could not be
used on one of my websites even though I have
used Session("MM_USername") on mine.

Regards
Bren

--
Why do I climb mountains? Simple! because they are there
www.3peakschallenge.co.uk

Report · Nov 18, 2006

That will explain why it worked within the sub-domain then. Thanks Bren.

Nath.

"Bren" <bren@dontbothermewithspam.com> wrote in message
news:ejn0o4$590$1@forums.macromedia.com...
> Session variables are specific to the website domain, e.g. A session
> variable set on www.website1.com cannot be used on www.domain1.com.
> So your Session("MM_Username") which is set on your website could not be
> used on one of my websites even though I have
> used Session("MM_USername") on mine.
>
> Regards
> Bren
>
> --
> Why do I climb mountains? Simple! because they are there
> www.3peakschallenge.co.uk
>

Report · Nov 20, 2006

"tradmusic.com" <sales@NOSHPAMtradmusic.com> wrote in message
news:ejn18j$5rp$1@forums.macromedia.com...
> That will explain why it worked within the sub-domain then. Thanks Bren.
>
> Nath.

If you want to feel even better, it's not the domain - it's the actual,
physical server. So if you have a web farm with several servers, and one
serves the login request, then a second performs the "restrict access"
behavior, the restrict access will fail.

To get sessions to work in a web farm, you need special software. For .NET,
there's a state service that comes with the framework. You need only turn
it on. For classic ASP, you'll need to buy a third-party solution.