Passing Protected Query String to between pages

Passing Protected or Unseen Query String to between pages

I would be very thankful if someone can help me on my problem. When you create an asp file for querying another page, I pass a user name and password from the requesting asp file to the file being queried. My problem is that when i create a link and embed the query string user name and password from an access database, the status bar of the browser shows the link together with the querystring username and password in their actual format. I tried to create a JavaScript that when the link is being pointed, the statusbar will show another message. But when i clicked on it and hold the mouse, the actual link and query string appears. i tried different mouse event operation but it always happen all the time, when the link is active and you tried a mousedown operation, the process works - no querystring shown. if the link is not active, and you try to mousedown on it, the link appears. and if the link is already active again, and apply the mousedown function, it works...

maybe there's another way around on how to solve my problem. thank you very much in advance.

Comments

Take another approach...

January 30, 2004 by Kutt Niinepuu

It would be much safer and with less hassle to use session variables instead of URL variables. seesion variables get sent "silently" between pages, without any clue for the user of what's really going on.

Using session variables is quite simple: after you know the username and password (they are in some variable already, right?) you just assign that variable to a session variable like that -- $_SESSION['username'] = $your_username_variable; and $_SESSION['password'] = $your_password_variable;

Don't forget to include in the header of EVERY page that uses or accesses those $_SESSION vars, this code snippet: session_start(); This initialises session support for this page. I hope I could explain myself.

Oh, and...

January 30, 2004 by Kutt Niinepuu

You can do this beforementioned session assigning on the login page only, and afterwards, when you paste the session_start(); at the start of your pages, those variables are readily available. Check if you want with (i'm using php):

echo $_SESSION['username'];

If for some reason you want to get data out of the session variables and into some local ones, do the assignment process vice versa, ie.

$you_local_variable = $_SESSION['username'];

When you're finished with your sessions on the "last page", be sure to terminate the session, as it will no longer be needed, with

session_destroy();

That too, should be preceded with session_start(); however. And one more pointer, the "session_start();" must be initialised before any HTML tags in the code, a foolproof way is to make it on the first line.

You must me logged in to write a comment.