Restrict Page access if session variable is empty

Question

0.00/5 (No votes)

See more:

I am developing a small application in Asp.net . I have created an admin panel in that. Certain Pages are accessible to admin login only . I want to restrict access to those pages if admin loggin session variable is not set. On checking whether the SESSION variable is set , it still redirects me on the login page even if the session variable is set, please go through my code

C#

protected void Page_Load(object sender, EventArgs e)
{
    if (!IsPostBack)
    {
        if (Convert.ToString(Session["loggeduername"])=="")
        {
           Response.Redirect("adminlogin.aspx");
        }



    }
}

Posted 25-Jul-13 1:39am

Kunal Ved

Updated 25-Jul-13 1:40am

Thanks7872

v2

Add a Solution

Comments

Kunal Ved 25-Jul-13 7:47am

protected void btnLogin_Click(object sender, EventArgs e)
{
try
{
con.Open();
SqlCommand cmd = new SqlCommand("usp_adminlogin_check", con);
cmd.CommandType = CommandType.StoredProcedure;
cmd.Parameters.AddWithValue("@username", txtUserName.Text);
cmd.Parameters.AddWithValue("@password ", txtPassword.Text);
SqlDataAdapter da = new SqlDataAdapter(cmd);
DataSet ds = new DataSet();
da.Fill(ds);
con.Close();
if (ds.Tables[0].Rows.Count > 0)
{

Session["loggedusername"] = ds.Tables[0].Rows[0].ItemArray[1].ToString();
try
{
Response.Redirect("UploadStudyMaterial.aspx");
}
catch (ThreadAbortException ex)
{
lbMsg.Text = "Some Error " + ex.Message.ToString();

}

}
else
{
lbMsg.Text = "Invalid User Name or Password, Please try again";
}
}
catch (Exception ex)
{
lbMsg.Text = "Some Error " + ex.Message.ToString();
}
finally
{
con.Close();

}

1 solution

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

Thanks7872 · Accepted Answer · 2013-07-25T01:54:00

Solution 1

Do this.

C#

protected void Page_Load(object sender, EventArgs e)
{
     if (Session["loggedusername"])==null)
     {
        Response.Redirect("adminlogin.aspx");
     }  
}

Check at the page where you set the value that,ds.Tables[0].Rows[0].ItemArray[1].ToString() contains value.
Regards..:laugh:

Posted 25-Jul-13 1:54am

Thanks7872

Comments

Kunal Ved 25-Jul-13 8:05am

Thanks for your replies but I have already tried this I get an error "object reference not set to an instance of an object" . Please paraphrase once again what I need to do .

Thanks7872 25-Jul-13 8:07am

Paste the line where you get this error. The above code will never give the object reference error?

Kunal Ved 25-Jul-13 8:28am

Session["loggedusername"] = ds.Tables[0].Rows[0].ItemArray[1].ToString();
try
{
Response.Redirect("UploadStudyMaterial.aspx");
}
catch (ThreadAbortException ex)
{
lbMsg.Text = "Some Error " + ex.Message.ToString();

}
i copied your given code , the session variable SESSION["loggedusername"] gets set, the debugger even passes through correct page but it throws ThreadAbortException and again the page is redirected to login page . It never reaches the intended "UploadStudyMaterial.aspx" page after login

Thanks7872 25-Jul-13 8:33am

Remove try catch block and go thorugh the actual error. I didnt suggest you to paste my code at this page. Like if we consider your case,the code should be on UploadStudyMaterial.aspx page.

Kunal Ved 25-Jul-13 8:46am

Got it fixed ..Thanks a lot . Now what about the Session time out ? Can I use HTTP context session than SESSION ? If yes what difference does it make .