Dreamweaver MX Server Behaviour Problem - Help :~)

  BBez 13:06 07 Mar 04
Locked

Having a nightmare with user authentication in Dreamweaver.

The problem is that i have 2 levels of security, 1 for an admin section, so admins can have full control of a database (security level 1) and level 2 for the members area of the website, who are restricted from entering any level 1 security area of the site.

When i test the login page, everything works as expected, e.g. users are directed to the correct "home" page but, if i login as a member (level 2) it takes me to members home page fine, no probs. If i login as one of my Admins, it also takes me to the Admin home page, where i plan to have add, insert, delete options for the database. The major problem i'm having is that it only sits on the Admin page for 5 seconds then kicks me back to "login.asp" so it's like an authentication problem.

I have included all my configurations for the security in Dreamweaver below, hope it displays correctly formatted...


login.asp = if suceed goto admin.asp else goto denied.asp


admin.asp = restrict access to page, user,password,security_level = 1 else goto "members.asp"


members.asp = restrict access to page user,password,security_level = 1,2 else goto "denied.asp"


denied.asp = inserted head tag, refresh = 5 seconds then refresh to "login.asp"

hope someone can tell me what i've done wrong as i've got an identical configuration on another testsite and all features work fine...thanks in advance for any advice...

  BBez 13:08 07 Mar 04

also checked Access DB for permissions, all OK..!

  Taran 19:29 07 Mar 04

You're absolutely positive that the 'identical' setup on your other site that works is, in fact, identical ?

Is the code you listed everything or have you any error checking that outputs a text message onscreen ?

Have you assigned a cookie or are you using sessions ?

A properly set up session works wonders for authentication systems, since any page that requires logged in status to access its content simlpy refers to the user session variable set in the initial log in.

Something is obviously failing during the login process otherwise you wouldn't be getting the page redirect specified in the denied.asp page.

Post back with more detail if you can.

  BBez 00:38 09 Mar 04

apologies for the late response. Been up to my neck in Applets tonight.

Am using sessions on the site so you can't skip login routine.

I ended up checking both sites code by opening identical pages from each site in DW and found it was my HTML had somehow ended up with the refresh <head> tag on the bloody admin page.

Thank you very much for your suggestions, made me recheck my work where i finally found the error...



<html xmlns="click here">
<head>
<title>Untitled Document</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<meta http-equiv="Refresh" content="5;URL=login.asp" />
</head>

<body>

<h1 align="center">Welcome Admin...</h1>
<h3 align="center">What would you like to do..?</h3>
<p align="center">Manage Database</p>
<p align="center"><a href="members.asp">View Website</a></p>
<p align="center"> <a href="<%= MM_Logout %>">Log Out</a></p>
</body>
</html>

  BBez 00:47 09 Mar 04

Taran, another quick question if you don't mind...

is the user session variable stored on the webserver / host?

  Taran 07:01 09 Mar 04

The answer is, in fact, both !

A session is 'stored' for want of a better word both on the client PC and on the web server for the duration of the session.

What happens is a session ID is sent to the client PC by the server which is a special, very small cookie. All it [normally] contains is the session ID itself, which is a long string of letters and numbers. You can adjust this if you want to so that it stores other things but that kind of defeats the whole purpose of using a session object to begin with.

The web server stores the rest of the information for that users session until the session is ended. This will either be automatically ended after a default 20 minutes of inactivity on the site, or when you set it to die.

The session variable cookie sent to the client browser that contains the session ID is rather clever in that it works on a browser that has had cookies disabled.

After that, any calls made that require manipulation of user details [name, nickname, form selections for feedback or e-commerce and so on] may be used and processed at will through the session, since by setting the session and establishing it, you can use it as a variable in your web programs.

It's a very powerful system and opens up all kinds of possibilities.

Hope that answers your question.

  BBez 12:53 10 Mar 04

thanks again, you've been a great help...

This thread is now locked and can not be replied to.

What is Amazon Go and will it come to the UK? The store without checkouts or queues

1995-2015: How technology has changed the world in 20 years

Hands-on with the Star Wars fighting drones you can fly yourself

iPhone 9 and beyond: 32 amazing future smartphone developments - graphene, supercapacitor…