0

I am making an application in ASP.NET which has a login function. To access the current user info I am passing the user email with the Redirect function like

Session["email"] = TextBox1.Text;
Response.Redirect("home.aspx?Id=" + Session["email"]);

By this I am getting my next page as home.aspx?Id=example@example.com

In this home.aspx page I am getting the value from the page_load function like this

string url = HttpContext.Current.Request.Url.AbsoluteUri;
Uri myUri = new Uri(url);
keyid = HttpUtility.ParseQueryString(myUri.Query).Get("Id");

The problem is when a user pastes a direct URL of any user it allows them to access their account. Is there a way to redirect such users to the login page?

[Only the user who comes in from the login page is able to access the account]

I googled a lot but I am not able to find answers for this. Does anyone know the solution for this?

Vivek Dragon

2 Answers

1

On the next page simply get the email like this:

string email = Session["email"] as string;

The session is stored on the server; you don't need to pass it in the URL.

Check if Session["email"] is null/empty; if it is, then redirect them to the login/account page.

highwingers
  • +1 it works fine dude. The problem is when I check Session["email"] is null/empty it throws Null exception – Vivek Dragon Apr 04 '13 at 06:17
  • Make sure it's NOT null... then check for its value: http://stackoverflow.com/questions/7172910/checking-session-if-empty-or-not – highwingers Apr 04 '13 at 06:20
0

The answer specified by @abatishchev / @highwingers is correct and would work, except for one thing.

"Session is not stored in browser, but stored on the server."

Nevertheless, fetching email from session in the home page seems to be the way to go here.
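
The session check described in the answers above, written out as a home.aspx code-behind. This is an added example, not code from the question or either answer; the class name Home, the page name login.aspx and the EmailLabel control are assumptions.

```csharp
using System;
using System.Web.UI;

// home.aspx.cs (code-behind). Assumed for this example: the page class is
// named Home, the login page is login.aspx, and home.aspx declares
// <asp:Label ID="EmailLabel" runat="server" />.
public partial class Home : Page
{
    // Identity of the signed-in user, taken from server-side session state only.
    private string currentEmail;

    protected void Page_Load(object sender, EventArgs e)
    {
        // "as string" returns null when the key is missing instead of throwing,
        // so a fresh or expired session does not cause the NullReferenceException
        // mentioned in the comments (e.g. from Session["email"].ToString()).
        currentEmail = Session["email"] as string;

        if (string.IsNullOrEmpty(currentEmail))
        {
            // Nobody has logged in within this session, which is the case when
            // a URL is pasted directly. endResponse: true stops page processing
            // here, so no later event handler runs for this request.
            Response.Redirect("login.aspx", true);
            return;
        }

        // A ?Id=... value in the query string is deliberately never read:
        // it is chosen by the client and must not decide whose account is shown.
        EmailLabel.Text = Server.HtmlEncode(currentEmail);
    }
}
```

The login page then redirects with Response.Redirect("home.aspx") and no query string, since the email is already held in Session["email"].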