Webmaster Forum / ASP / Database Access / January 2008

Hi All,

i have created a login page for my intranet website. when user logs
in, it also check for the rights which the user has ("admin", "user").
what i want to acheive is that, once user log in, based on the type of
permission, they will be allowed to delete data dispplayed in the
page.

I tried doing this by creating a session variable at the time of
logging in but when i try to retrieve this session variable, it does
not return anything.

Please help and let me know how can i retain the login information for
a user so that it can be used till user leaves the site. below is the
code from login page:

Set cnnSimple = Server.CreateObject("ADODB.Connection")

SQLstr="SELECT * FROM tblBuyers WHERE buyerUserName='" & userName & "'
AND buyerPassword='" & pwd & "';"

'Response.Write(SQLstr)

cnnSimple.Open "Provider=Microsoft.Jet.OLEDB.4.0;Data Source=" &
strDBPath & ";"
Set rstSimple = cnnSimple.Execute(SQLstr)

if rstSimple.EOF=True  Then 'and (IsNull(userName)=True OR
IsNull(pwd)=True) then
    ValFound=False
Response.Write ("Login Not Found")

else
    ValFound=True
'Response.Redirect("/indportal/Home.html")

end if

if valFound=True Then
    Response.Redirect("/indportal/Home.html")
    Session("UserRights")=rstSimple.Fields("buyerRights")
else
    Response.Redirect("/indportal/login.asp")
end if

In the below code i am trying to retrieve the session variable which
was created a login time which come shows blank:

If Session("UserRights") = "admin" Then

Display the link for admin

else
Display the link for user.

end if

Please help!!

Thanks,
Navin