-1

I am using session to carry a value to another page in ASP.NET using C#, but the page I am redirecting to is getting a null value. However, I tried passing a value through session in a simple application, and it's working well. Please help me find out where I am going wrong.

```csharp
// Login.aspx.cs
con.Open();
cmd = new SqlCommand("select Username, Password, Fname from Customer where Username = '" + txtCust.Text + "' and Password = '" + txtPass3.Text + "'",con);

rd = cmd.ExecuteReader();

if (rd.Read())
{
    a = rd.GetValue(0).ToString();
    b = rd.GetValue(1).ToString();
    c = rd.GetValue(2).ToString();
}

con.Close();

if (a != txtCust.Text)
    Response.Write("<script>alert('Invalid Username')</script>");
else if (b != txtPass3.Text)
    Response.Write("<script>alert('Invalid Password')</script>");
else
{
    Session["user"] = c;
    Response.Redirect("Customer_Home.aspx");
}
```

```csharp
// Customer_Home.aspx.cs
protected void Page_Load(object sender, EventArgs e)
{
    if (Session["user"] != null)
    {
        lblUser.Text = Session["user"].ToString();
    }
    else
    {
        lblUser.Text = "No value returned";
    }
}
```

I expect the output of the above code to be "Fname", but the actual output is "No value returned".

  • 1
    [SQL Injection alert](http://msdn.microsoft.com/en-us/library/ms161953%28v=sql.105%29.aspx) - you should **not** concatenate together your SQL statements - use **parametrized queries** instead to avoid SQL injection - check out [Little Bobby Tables](http://bobby-tables.com/) – marc_s Oct 13 '19 at 09:33
  • 1
    Have you checked whether the debugger is getting into the else statement? – Ajoe Oct 13 '19 at 09:40
  • Also check whether rd.GetValue(2).ToString(); is null or not – Ajoe Oct 13 '19 at 09:41
  • @AA **yes, the debugger is getting into the else statement and rd.GetValue(2) contains some value, but it's not carried to another page** – Vineet Nair Oct 13 '19 at 09:52
  • Hope you have checked Session["user"] after assigning a value to it. – Ajoe Oct 13 '19 at 09:55
  • @AA yes, I tried printing the value with Response.Write(Session["user"]) and I am getting it as expected. – Vineet Nair Oct 13 '19 at 10:06
  • Have you set any postback URL anywhere? Also, in Customer_Home.aspx.cs, is it going to the else part? – Ajoe Oct 13 '19 at 10:11
  • @AA No postback URL is set, and Customer_Home is not redirected to any other page for now – Vineet Nair Oct 13 '19 at 10:29
  • https://stackoverflow.com/questions/14376473/what-are-good-ways-to-prevent-sql-injection / https://stackoverflow.com/questions/1054022/best-way-to-store-password-in-database – mjwills Oct 13 '19 at 11:06
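
The parameterized-query form that marc_s's comment recommends, applied to the login query from the question. This is an added example, not code from the original post; the `CustomerLogin.FindFirstName` helper, the `connectionString` argument and the NVARCHAR(50) column sizes are assumptions.

```csharp
using System.Data;
using System.Data.SqlClient;

public static class CustomerLogin
{
    // Hypothetical helper (not from the original post). Returns the customer's
    // Fname when the credentials match a row, otherwise null.
    public static string FindFirstName(string connectionString, string username, string password)
    {
        // Same Customer table and columns as the question, but the SQL text is a
        // constant: user input is sent separately as typed parameters, so quotes
        // or SQL keywords in it are treated as data and never parsed as SQL.
        // The page's schema compares the Password column directly; password
        // hashing (see the linked password-storage question) is not shown here.
        const string sql =
            "SELECT Fname FROM Customer " +
            "WHERE Username = @username AND Password = @password";

        // 'using' closes the connection and disposes the command even if the
        // query throws, which the original con.Open()/con.Close() pair does not.
        using (var con = new SqlConnection(connectionString))
        using (var cmd = new SqlCommand(sql, con))
        {
            // Explicit type and length (assumed NVARCHAR(50) columns) instead of
            // letting the provider infer them from the value.
            cmd.Parameters.Add("@username", SqlDbType.NVarChar, 50).Value =
                username ?? string.Empty;
            cmd.Parameters.Add("@password", SqlDbType.NVarChar, 50).Value =
                password ?? string.Empty;

            con.Open();

            // ExecuteScalar returns the first column of the first row,
            // or null when no row matches the supplied credentials.
            object fname = cmd.ExecuteScalar();
            return (fname == null || fname == DBNull.Value) ? null : fname.ToString();
        }
    }
}
```

In `Login.aspx.cs`, a non-null return value would be assigned to `Session["user"]` before the redirect, and a null return would produce the invalid-login message.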

1 Answer

0

This code seems to have no problem. But you can try using QueryString.

```csharp
// Login.aspx.cs
Response.Redirect("Customer_Home.aspx?user=" + Server.UrlEncode(c));

// Customer_Home.aspx.cs
string value = Request.QueryString["user"].ToString();
```