
Q. With cookie-based protection, I want the user to log in once and then have access to multiple different directories.
A.

Cookie Site Wide Value (CookieSWValue) is the best tool for this.

However, if you want different per-directory restrictions, the following applies:
When the user first logs in (loginnow.asp), determine which groups and directories that user has permissions for, then set the correct cookies for all the appropriate directories. You would do something like this:

' AuthX and serverName are assumed to have been set earlier in loginnow.asp
' look up the user in the database,
' figure out which directories+URLs the user has access to
' for each directory+URL do this:
protectedAbsPath = "c:\aspmail\ACookieLogin\example2\members\"
protectedDirectory = "/aspmail/ACookieLogin/example2/members/"
cookieName = AuthX.CookieLoginCookieName(protectedAbsPath, _
			protectedDirectory  _
			)
cookieValue = AuthX.CookieLoginValue(serverName, _
			protectedAbsPath, _
			Request.Form("USERNAME"), _
			Request.Form("PASSWORD")  _
			)
response.Cookies(cookieName) = cookieValue
response.Cookies(cookieName).Path = protectedDirectory

Cookie-based protection must actively set the cookie on the browser for each protected directory via ASP, unlike Basic Authentication, which passively rejects unauthorized access with a 401 reject message.

With Basic Authentication, the browser automatically caches the username and password for each directory. With cookie-based protection it is necessary to emulate this behaviour.

You may want to have a single login for the entire protected area (/members in this example), and yet discriminate access between each of several sub-directories. For example:

/members/secretaries
/members/developers
/members/managers
/members/administrators
/members/executives
/members/finance

If you are using the AuthentiX internal database, then conditionally set the appropriate cookies (within if/then/else/end if) depending on the USERNAME's groups, using UserGroups or GroupHasUser.

If you are using an ODBC database, then use ADO and set the appropriate cookies based on the query results for that user.
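
The ODBC case as an added example (not code from the AuthentiX documentation): it looks up the user's directories with a parameterized ADO query and sets one cookie per directory, using the two AuthX calls shown earlier. The DSN "MembersDSN", the table UserDirs and its columns are hypothetical names; AuthX and serverName are assumed to be set up earlier in loginnow.asp, and the credentials are assumed to have been checked already.

```vbscript
' Added example. Runs inside the script block of loginnow.asp.
' Hypothetical names: DSN "MembersDSN", table UserDirs(UserName, AbsPath, UrlPath).
' Assumed from earlier in the page: AuthX, serverName.
Const adCmdText = 1
Const adVarChar = 200
Const adParamInput = 1

Dim conn, cmd, rs, userName, password
Dim protectedAbsPath, protectedDirectory, cookieName

userName = Request.Form("USERNAME")
password = Request.Form("PASSWORD")

Set conn = Server.CreateObject("ADODB.Connection")
conn.Open "DSN=MembersDSN"

' Parameterized query: the submitted username is bound as data and is
' never concatenated into the SQL text.
Set cmd = Server.CreateObject("ADODB.Command")
Set cmd.ActiveConnection = conn
cmd.CommandType = adCmdText
cmd.CommandText = "SELECT AbsPath, UrlPath FROM UserDirs WHERE UserName = ?"
' 64 is the assumed width of the UserName column.
cmd.Parameters.Append cmd.CreateParameter("UserName", adVarChar, adParamInput, 64, userName)

Set rs = cmd.Execute
Do While Not rs.EOF
    ' Store AbsPath and UrlPath in exactly the case used when the
    ' directory was protected; the match is case sensitive.
    protectedAbsPath = rs("AbsPath").Value
    protectedDirectory = rs("UrlPath").Value

    cookieName = AuthX.CookieLoginCookieName(protectedAbsPath, protectedDirectory)
    Response.Cookies(cookieName) = AuthX.CookieLoginValue(serverName, _
            protectedAbsPath, userName, password)
    ' Scope each cookie to its own directory only.
    Response.Cookies(cookieName).Path = protectedDirectory
    rs.MoveNext
Loop

rs.Close
conn.Close
Set rs = Nothing
Set cmd = Nothing
Set conn = Nothing
```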

The directories you set for cookie protection are case sensitive. If you protect "c:\inetpub\wwwroot\membersonly", links to "c:\inetpub\wwwroot\MEMBERSONLY\asecretPage.htm" will take you back to the login page with "Denied_Empty".

Also check out CookieSWValue for an alternative choice for cookie validation.
