Mark Hensler — Wed, 18 Apr 2001 17:52:55 +0000

Secured areas are a great use for sessions objects.

User logs in, you store at least UserName, UserID, and AuthLevel. And maybe a UserGroup.

On EVERY page in the secured area you will need to include a page, I'll call it AuthLevel1.asp. In this file, you will check to see if the session exists. If the session is null or empty, kick them out, perhaps to a login screen. If the session is there, check to see if the AuthLevel is high enough for this area. If not kick them out (Response.Redirect()) .

Some areas may lock out everyone but certain people. If this is the case, include a different file, such as AuthGroup1.asp. In this file, you will check the UserName or UserGroup to see if they are authorized for that area.

When the user logs out. Remember to kill the session (Session.Abandon). This will allow someone else to login using the same browser.

Thanks

akohl — Wed, 18 Apr 2001 10:21:27 +0000

Makes sense, I suppose.

What then, if not shopping cart, would be a good use for session variable in on online shop.

I'm doing this as a course project and I need to get some practice working with the session object.

Mark Hensler — Wed, 18 Apr 2001 02:53:34 +0000

Sorry for the delayed answer...

How does one store shopping cart information in a session variable?
quick answer: I wouldn't

longer answer:
Only need one sessoin variable: UserID
Then keep all the shopping cart info in a DB table. It's a lot easier to keep track of all your vars if you only have one . Also, you can allow the user to window shop now, and buy latter. The next time they log into your site, you grab their UserID, and can query for any item in their shopping cart. Make sense?

Good Luck,