Please delete ALL that code and have a look at ASP.NET membership. http://msdn.microsoft.com/en-us/library/yh26yfzy.aspx
On Thu, Aug 19, 2010 at 8:26 AM, kp <[email protected]> wrote: > here is my issue: > > I have my coding like this > > For Login page: > > int cnt = 0; > /*Connection to the database*/ > > SqlCommand cmd = new SqlCommand("select > e.e_code,e.password,c.cat_type from Employee_master e, Category_master > c where c.cat_id=e.cat_id and e.e_code='" + txt_user.Text + "' and > e.password='" + txt_password.Text + "'", cn); > > SqlDataAdapter adpt = new SqlDataAdapter(cmd); > /*Collected the count in data table*/ > cnt = dt.Rows.Count; > > if (cnt > 0) > { > type = Convert.ToString(dt.Rows[0][2]); > Session["e_code"] = txt_user.Text; > Session["Role"] = type; //this is where i assign my > role of user who logged in > > if (str != null) > { > Response.Redirect(str + "?user=" + type); > } > else > { > Response.Redirect("~/Admin/chome.aspx?user=" + > type); > } > } > > For Admin Master Page: > Static string user; //declared globally > > if (user == null || user=="") > { > user = Request.QueryString["user"]; > } > else > { > //string str = Session["e_code"].ToString(); > user = Session["Role"].ToString(); > } > > The issue is that when user1 enter the login page he is allowed to > login but when a second user enters on another client at that time the > user variable is cheked and at that time the value that is obtained is > of user1 role. > > so in admin master page the if condition is false and pointer is moved > to else where the session values is null and getting object reference > not set to an instance.
