OnTheAnvil
Regular
I've inherited some ASP pages that provide users with a login page. If a user logs in correctly the ASP pages sets the Session("username"), Session("password") and Session("LoginSuccessful") = TRUE. This works great for all the ASP pages that are already running. I need users to be able to log in through the ASP page and then pass their username to my ASPX page. I've been told that ASP Sessions can't be passed to ASPX Sessions although I haven't validated that it doesn't work yet. I don't want to do this using the query string because it would be extremely easy for someone to pretend they are someone else by changing the query string. I found a comment about encrypting query strings on this site:
http://www.dotnetjunkies.com/how to/99201486-ACFD-4607-A0CC-99E75836DC72.dcik
but I think this only works if the page generating the query string is an ASPX page which in my case it isn't. I don't have to have rock solid security but I don't want to leave huge holes for people to exploit either. I'm open to even crazy ideas if someone has some.
Thanks,
OnTheAnvil
http://www.dotnetjunkies.com/how to/99201486-ACFD-4607-A0CC-99E75836DC72.dcik
but I think this only works if the page generating the query string is an ASPX page which in my case it isn't. I don't have to have rock solid security but I don't want to leave huge holes for people to exploit either. I'm open to even crazy ideas if someone has some.
Thanks,
OnTheAnvil