0

I want to make sessions, but i don't know from where I can start. I logged in myself, but without using session and i have to make sessions. Below is my code which I have done so far.

Protected Sub btnLogin_Click(ByVal sender As Object, ByVal e As EventArgs) Handles btnLogin.Click

    If txt_username.Text = "" Or txt_password.Text = "" Then
        error_usr_invalid.Visible = False
        If txt_username.Text = "" Then
            error_usr_blank.Visible = True
        ElseIf txt_username.Text <> "" Then
            error_usr_blank.Visible = False
        End If
        If txt_password.Text = "" Then
            error_pwd_blank.Visible = True
        ElseIf txt_username.Text <> "" Then
            error_pwd_blank.Visible = False
        End If
    ElseIf txt_username.Text <> "" And txt_password.Text <> "" Then
        Dim con As New SqlConnection(ConfigurationManager.ConnectionStrings("ConnectionString").ConnectionString)
        con.Open()
        Dim cmd As New SqlCommand("select * from users where username = '" + txt_username.Text + "' and Password = '" + txt_password.Text + "'", con)
        cmd.Parameters.AddWithValue("@username", txt_username.Text)
        cmd.Parameters.AddWithValue("@password", txt_password.Text)
        Dim da As New SqlDataAdapter(cmd)
        Dim dt As New DataTable()
        da.Fill(dt)
        If dt.Rows.Count > 0 Then
            error_usr_invalid.Visible = False
            error_usr_blank.Visible = False
            error_pwd_blank.Visible = False

            Response.Redirect("main.aspx")
        Else
            error_usr_invalid.Visible = True
            error_usr_blank.Visible = False
            error_pwd_blank.Visible = False
        End If
    End If

Please help me out by suggesting your ideas in this code.

Improve this question

2 Answers 2

Reset to default
1

You can read about session here : ASP.NET Session State Overview

Now, there is just few examples :

Add value to session : Session.Add("username", txt_username.Text)

Get value from session : Dim username As String = Session("username")

For example : You can store username into Session("username") and use it on some other page (for example in Your main.aspx) until You remove it.

One more example :

Default.aspx

Protected Sub btnLogin_Click(ByVal sender As Object, ByVal e As EventArgs) Handles btnLogin.Click
  Session.Add("username", txt_username.Text)
  Response.Redirect("main.aspx")
End Sub

And in main.aspx :

Protected Sub Page_Load(ByVal sender As Object, ByVal e As System.EventArgs) Handles Me.Load
  Label1.Text = Session("username")
End Sub

Session can be used for storing arrays, and other type of datas. For example :

Session.Add("list", List(Of String))
Session("list").Add("record #1")
Session("list").Add("record #2")
Session("list").Add("record #3")

And then use it somewhere else :

For x = 0 to Session("list").Count - 1
  Label1.Text = Session("list")(x) + ", "
Next

Remove session : Session.Remove("username") (this session item will be removed)

When You finished with Your work (for example You log out), You can remove, clear, abandon session.

Session.RemoveAll() : Session.Clear() : Session.Abandon()

You can store some data into session and use it anywhere in Your web app.

btw. in Your code, little better approach will be :

Dim con As New SqlConnection(ConfigurationManager.ConnectionStrings("ConnectionString").ConnectionString)
If con.State = ConnectionState.Open Then con.Close()
con.ConnectionString = ConfigurationManager.ConnectionStrings("ConnectionString").ToString
con.Open()
Dim cmd As New SqlCommand("select * from users where username = @username and Password = @password;", con)
cmd.Parameters.AddWithValue("@username", txt_username.Text)
cmd.Parameters.AddWithValue("@password", txt_password.Text)
Dim tds As SqlDataReader = cmd.ExecuteReader
Session.Add("isexist", tds.HasRows)   'there is example how to store result into session (in this case result value will be True or False)
tds.Close(): cmd.Dispose(): con.Close()  'avoid connection stay opened
If Session("isexist") = True Then
  'user successful log in, session("isexist") is True
  Session.Remove("isexist")
  Response.Redirect("main.aspx")
Else
  'username or password doesn't exist in database, session("isexist") is False
  Session.Remove("isexist") 
 'do what You want
End If

Of course, You have to pay attention for session timeout.... You can read more by provided link on the start of this post.

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

0

Simple as this...

    Session("Username") = txt_username.Text

After that, you can get the value of the session on every page.

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.