Why does user login & authentication allows access to other password-protected areas?

Report · Jan 27, 2010

Why would a user that has logged in and is authenticated only for pages in web folder "a" be able to view pages in web folder "b" even if his user name and password are not in available in the MSAccess table for folder "b"?

I have a number of secure folders on my site. I created an MSAccess database that has a separate table and usernames and passwords for each web folder. I have created a separate login page for each folder, and have restricted access in all the pages in each folder in the server behaviors panel.

Thanks

Why does user login & authentication allows access to other password-protected folders with separate usernames and passwords?

Report · Jan 27, 2010

You will have to explain in more detail. The DW behaviors for user authentication does not secure folders. You can use web server security to secure folders if that's what you need. But you are also mentioning storing the user credentials in a database, so it is not clear to me which method you are using.

The basic mechanism DW uses to secure pages is to check if the user has a valid session. If they do, then they will authenticate to any restricted page, unless you add more logic or use access levels.

In Response To bregent · Jan 29, 2010

Thank you for your response.

I am trying to secure pages in a folder. People that logged in as a user for a set of pages in one folder were able to view pages in a different folder that were configured with a different login and username. I had placed a restrict access on those pages also. I think I figured out that I needed to add access levels - and that has since solved my problem.

Thank you.