I am using this code to log in, but this is not an efficient approach. I want to use session for my login. How would I do it?
Please help me with that...

C#
try
{
    SqlConnection con = new SqlConnection(@"Data Source=LENOVO-74FE9906\SQLEXPRESS;AttachDbFilename=D:\Farrukh\Orignal Project\Inventory Management System\IMS.mdf;Integrated Security=True");
    string query = "SELECT [user].* FROM [user] where u_name='" + txtusername.Text + "' and pwd='" + txtpassword.Text + "'";
    SqlCommand com = new SqlCommand(query, con);
    con.Open();
    if (txtusername.Text == "admin")
    {
        if (com.ExecuteReader().HasRows)
        {
            Response.Redirect("index.html");
            Label3.Text = "successfully";
        }
        else
        {
            Label3.Text = "not successfully";
            txtusername.Text = "";
            txtpassword.Text = "";
        }
    }
    else if (txtusername.Text == "user")
    {
        if (com.ExecuteReader().HasRows)
        {
            Response.Redirect("userinventory.aspx");
            Label3.Text = "successfully";
        }
        else
        {
            Label3.Text = "not successfully";
            txtusername.Text = "";
            txtpassword.Text = "";
        }
    }

    con.Close();
}
catch (Exception ex)
{
    Console.Write("" + ex.Message);
}
Updated 27-May-13 2:48am

Add this

Session["username"]

to where the user is successfully logged in ....
 
 
Comments
fak_farrukh 27-May-13 8:52am    
add to where
First of all, if you use session it will be stored in server memory, so that's a bad idea, and as a good software expert you should avoid using that.

Further, refer to the links below.

Managing Web Site Users with Roles [This link will explain how to redirect users based on their role (admin, user, etc.)]

Implement Simple Forms Authentication [This link will explain how to redirect an unauthenticated user to the login page]

I strongly suggest you use role-based authentication because, think of a system which has 20 user types (admin, user, teacher, HOD, asst. prof., prof., etc.); then redirecting each and every user to different pages will be so tedious.

So try using the above approach; that will help you with this as well as with future issues.

Best Regards.. :)
 
Hi...
Use sessions like this.

Session["username"] = textbox1.Text;
Session["password"] = textbox2.Text;

If you want them anywhere, create an object of the login page and use sessions.
Thank you.
 
 
First of all, this is a really bad piece of code in terms of security. Your site can be easily hacked using SQL injection. Always using stored procedures is golden rule number 1.

Second, you are passing plain text as the password. That means you are storing the password in your table as plain text. Anyone with access to that table can enjoy freebies!

Third, if a user logs in successfully and is redirected to "userinventory.aspx", do you check that if he changes the URL to "Index.aspx" manually, he will not be granted access?

When you have taken care of these issues very well, try using
C#
if (com.ExecuteReader().HasRows)
{
    Session["loggedinuser"] = txtusername.Text;
}


And wherever you want to use the username try:
C#
if (com.ExecuteReader().HasRows)
{
    // Session values are stored as object, so a cast is required
    string username = (string)Session["loggedinuser"];
}
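
Added example, not part of any answer above and not the poster's code: a login handler that addresses the three issues raised in the last answer (parameterized query, salted password hash, role check on direct URL access) before setting the session. The columns `pwd_hash`, `pwd_salt` and `role`, the connection string name `IMS`, the handler name, `login.aspx` and the iteration count are assumptions; the controls and `Index.aspx` come from the thread.

```csharp
using System;
using System.Configuration;
using System.Data;
using System.Data.SqlClient;
using System.Security.Cryptography;

public partial class Login : System.Web.UI.Page   // txtusername, txtpassword, Label3 as in the question
{
    protected void btnLogin_Click(object sender, EventArgs e)   // hypothetical handler name
    {
        string cs = ConfigurationManager.ConnectionStrings["IMS"].ConnectionString;   // assumed name
        const string sql = "SELECT pwd_hash, pwd_salt, role FROM [user] WHERE u_name = @name";   // assumed columns
        string role = null;
        using (var con = new SqlConnection(cs))
        using (var com = new SqlCommand(sql, con))
        {
            // The user name is bound as a parameter, never concatenated into the SQL text.
            com.Parameters.Add("@name", SqlDbType.NVarChar, 50).Value = txtusername.Text;
            con.Open();
            using (SqlDataReader r = com.ExecuteReader())
                if (r.Read() && Verify(txtpassword.Text, (byte[])r["pwd_salt"], (byte[])r["pwd_hash"]))
                    role = (string)r["role"];
        }
        if (role == null) { Label3.Text = "not successfully"; return; }

        Session["loggedinuser"] = txtusername.Text;
        Session["role"] = role;   // the role comes from the table, not from the typed name
        Response.Redirect(role == "admin" ? "Index.aspx" : "userinventory.aspx");
    }

    // PBKDF2-HMAC-SHA256; this constructor overload needs .NET Framework 4.7.2 or later.
    static bool Verify(string password, byte[] salt, byte[] expected)
    {
        using (var kdf = new Rfc2898DeriveBytes(password, salt, 100000, HashAlgorithmName.SHA256))
        {
            byte[] actual = kdf.GetBytes(expected.Length);
            int diff = 0;   // compare every byte so timing does not reveal the first mismatch
            for (int i = 0; i < actual.Length; i++) diff |= actual[i] ^ expected[i];
            return diff == 0;
        }
    }
}

// Code-behind of the admin page: a manually typed URL is rejected without the admin role.
public partial class Index : System.Web.UI.Page
{
    protected void Page_Load(object sender, EventArgs e)
    {
        if ((string)Session["role"] != "admin") Response.Redirect("login.aspx");   // assumed page
    }
}
```

A static `index.html` cannot run the `Page_Load` check, which is why the admin page here is an `.aspx` page.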
 