Well, I made some changes and now my login code is working; a
session id is also created every time the user logs in.
This is my final login code:

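namespace Login
{
    /// <summary>
    /// Code-behind for the login page. Checks the submitted username and
    /// password against the Login table and, on success, records the user in
    /// session state and redirects to Home.aspx.
    /// </summary>
    public partial class _Default : System.Web.UI.Page
    {
        // The verbatim literal must stay on one line: a line break inside it
        // would become part of the server name.
        // NOTE(review): a connection string is usually kept in web.config
        // rather than compiled into the page; consider moving it.
        private const string ConnectionString =
            @"Data Source=SWATY\SQLEXPRESS;Initial Catalog=Project_mydb;Integrated Security=True";

        /// <summary>
        /// Handles the Login button: looks up the submitted username with a
        /// parameterized query and compares the credentials exactly.
        /// </summary>
        /// <param name="sender">The control that raised the event.</param>
        /// <param name="e">Event data (unused).</param>
        protected void btnLogin_Click(object sender, EventArgs e)
        {
            string username = txtUserName.Text;
            string password = txtPassword.Text;
            bool authenticated = false;

            // Fetch only the rows for the submitted username instead of pulling
            // every account (and every password) into the web process. The
            // value is bound as a parameter, never concatenated into the SQL.
            using (SqlConnection conn = new SqlConnection(ConnectionString))
            using (SqlCommand cmd = new SqlCommand(
                "select Username, Password from Login where Username = @username", conn))
            using (SqlDataAdapter da = new SqlDataAdapter(cmd))
            using (DataSet ds = new DataSet())
            {
                cmd.Parameters.AddWithValue("@username", username);
                da.Fill(ds, "Login");

                foreach (DataRow row in ds.Tables["Login"].Rows)
                {
                    // The database collation may match more loosely (for example
                    // ignoring case), so both fields are re-checked with an exact
                    // ordinal comparison, as the original loop did.
                    // NOTE(review): this compares against the Password column as
                    // stored, i.e. passwords are kept in plaintext. Storing a
                    // salted, slow hash (e.g. PBKDF2 via Rfc2898DeriveBytes) and
                    // verifying against it needs a schema change outside this block.
                    if (string.Equals(username, row["Username"].ToString(), StringComparison.Ordinal)
                        && string.Equals(password, row["Password"].ToString(), StringComparison.Ordinal))
                    {
                        authenticated = true;
                        break;
                    }
                }
            }

            if (authenticated)
            {
                // NOTE(review): the session that existed before login is reused
                // here; consider issuing a fresh session identifier on successful
                // authentication so a pre-login id cannot be carried over.
                Session["userId"] = username;
                Response.Redirect("Home.aspx");
                return;
            }

            // Shown once, only when no row matched (including an empty table).
            // The same message for a wrong username and a wrong password avoids
            // revealing which accounts exist.
            ErrorLabel.Visible = true;
        }
    }
}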


Now I need to work on the logout code. I've written some code for
logout but, on clicking the logout button, even after I am redirected
to the Login Page, the browser's back button is still enabled, which
can bring the user back to the previous page (which I don't want).
Can you tell me a way to either disable back browsing or to clear the page
history? Please tell me what changes I need to make. Here's my logout
code:

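namespace Login
{
    /// <summary>
    /// Code-behind for the post-login home page. Requires a logged-in session,
    /// greets the user, and handles logout.
    /// </summary>
    public partial class Home : System.Web.UI.Page
    {
        /// <summary>
        /// Rejects requests without a logged-in session, marks the response as
        /// non-cacheable, and renders the greeting.
        /// </summary>
        /// <param name="sender">The page raising the event.</param>
        /// <param name="e">Event data (unused).</param>
        protected void Page_Load(object sender, EventArgs e)
        {
            // Tell the browser not to keep a copy of this page. Without this the
            // Back button can re-display the cached page after logout without
            // asking the server, which is the behaviour described in the question.
            Response.Cache.SetCacheability(System.Web.HttpCacheability.NoCache);
            Response.Cache.SetNoStore();

            // Anyone can request Home.aspx directly; without a userId in session
            // the request is sent back to the login page instead of failing with
            // a NullReferenceException on the greeting below.
            object userId = Session["userId"];
            if (userId == null)
            {
                Response.Redirect("Default.aspx");
                return;
            }

            // Label.Text is written to the page as-is, so the username is
            // HTML-encoded before display. A separating space is added after
            // "Welcome".
            lblUser.Text = "Welcome " + Server.HtmlEncode(userId.ToString());
        }

        /// <summary>
        /// Handles the Logout button: ends the session, then returns to the
        /// login page.
        /// </summary>
        /// <param name="sender">The control that raised the event.</param>
        /// <param name="e">Event data (unused).</param>
        protected void btnLogout_Click(object sender, EventArgs e)
        {
            // The session must be torn down BEFORE redirecting:
            // Response.Redirect(url) ends the response, so statements placed
            // after it never run and the user would stay logged in.
            Session.Clear();
            Session.Abandon();

            Response.Redirect("Default.aspx");
        }
    }
}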



On Jan 30, 8:55 pm, Cerebrus <[email protected]> wrote:
> Gosh, that is some scary code (only referring to the Page_Load
> part) !! Do you realize how many problems that code has on so many
> different levels ? I won't go into the problems here because it would
> constitute an essay in itself.
>
> To answer your question(s) then:
>
> The pseudocode for a Login page/control should be as follows:
>
> Page_Load:
> ~  If the page is loading for the first time, check if user is logged
> in (A UserID is present in Session). If yes, redirect to Home page. If
> no, show Login controls (username, password, submit button, Forgot
> password link).
>
> Login Submit Click:
> ~  Retrieve values of username and password textboxes.
> ~  Create an SqlCommand pointing to a Stored Procedure (SP) (called
> IsLoggedIn, for example) that validates a username/password
> combination against user credentials present in the database.
> ~  Set the SP parameters to those values retrieved from the username
> and password textboxes and execute the SP. The SP should simply return
> a True/False value. If required, you can return the UserID instead.
> ~  Based on this result, store the UserID into Session or show
> appropriate feedback to the user (eg. wrong password)
> ~  Redirect to the welcome page.
>
> You could also implement the same thing via a Cookie.
>
> On Jan 30, 7:21 pm, HelloWorld <[email protected]> wrote:
>
>
>
> > @Cerebrus
> > This is the Login page I created. but it does not involve any session
> > or cookies.
>
> > namespace Login
> > {
> >     public partial class _Default : System.Web.UI.Page
> >     {
> >         SqlConnection conn = new SqlConnection(@"Data Source=SWATY
> > \SQLEXPRESS;Initial Catalog=Project_mydb;Integrated Security=True");
> >         SqlCommand cmd = new SqlCommand();
> >         SqlDataAdapter da = new SqlDataAdapter();
> >         DataSet ds = new DataSet();
>
> >         protected void Page_Load(object sender, EventArgs e)
> >         {
> >             cmd.CommandText = "select * from Login";
> >             cmd.Connection = conn;
> >             da.SelectCommand = cmd;
> >             da.Fill(ds, "Login");
> >             int totaluser = ds.Tables["Login"].Rows.Count;
> >             for (int i = 0; i < totaluser; i++)
> >             {
> >                 if (txtUserName.Text == ds.Tables["Login"].Rows[i]
> > ["Username"].ToString() && txtPassword.Text == ds.Tables["Login"].Rows
> > [i]["Password"].ToString())
> >                 {
> >                         Response.Redirect("Home.aspx");
> >                 }
> >                 else
> >                 {
> >                     Label3.Visible = true;
> >                 }
> >             }
> >         }
> >     }
>
> > }
