Hi,
I have recently included a login control in my program which validated the user login before I added in code with session variables in it. This is the code I have under the login control:
Protected Sub Login1_Authenticate(sender As Object, e As AuthenticateEventArgs) Handles Login1.Authenticate
Dim user, pass As String
user = DirectCast(Login1.FindControl("UserName"), TextBox).Text
pass = DirectCast(Login1.FindControl("Password"), TextBox).Text
Session("Email") = user
Session("Password") = pass
If user = "" And pass = "" Then
Session.RemoveAll()
Response.Redirect("02_Login_Register2.aspx")
ElseIf user = Session("Email") And pass = Session("Password") Then
Response.Redirect("01_Homepage.aspx")
ElseIf user <> Session("Email") And pass <> Session("Password") Then
Session.RemoveAll()
DirectCast(Login1.FindControl("UserName"), TextBox).Focus()
ElseIf Session("Email") = "" And Session("Password") = "" Then
Session.RemoveAll()
DirectCast(Login1.FindControl("UserName"), TextBox).Focus()
End If
End SubI am retrieving the session variables from the register page, I used this code because on other areas of the website, I want to show login or logoff based if the user has logged in or out of the system.
This works, however when I type in random information into the login control, it still lets me access the system which is a problem.
Does anyone know how to resolve this issue?