3

So i would like the user to login and have their username appear on the the top of the page when they're logged in. I check if they exist in the database first then i let them in, so when they click the login button it does something like this(button event)

If (IsPostBack) Then

            connection.Open()
            command.Connection = connection

            command.CommandText = "select count(*) from customer where Email='" & TextEmail.Text & "' AND Password='" & TextPassword.Text.Trim & "'"
            counts = Convert.ToInt32(command.ExecuteScalar.ToString) ' execute this text as an SQL query

            If (counts > 0) Then
                Response.Redirect("Default.aspx", False)
                Session("Username") = TextEmail.Text 'This is where i try to use the session storing the user's email (which i use as a username)
            Else
                Label1.Visible = True
            End If

            connection.Close()
        End If

Above code works fine, has no problem. In C#.Net This would be Session["Username"]=TextEmail.Text right.

So now there is a form within my project to which you cannot gain access without logging in first. When this page loads, i want to check if the user is logged in or not, if not, I redirect them to the Login page, if they are i let them in, and update the label that will display "logged in user userEmail", The Page_load code is like this:

Protected Sub Page_Load(ByVal sender As Object, ByVal e As System.EventArgs) Handles Me.Load
    Try
        If Not (Session("Username") = vbNull) Then
            LogInStatus.Text = "logged in user " & System.Web.HttpContext.Current.Session("Username").ToString
        Else
            Response.Redirect("Login.aspx", False)
        End If
    Catch ex As Exception
        MsgBox(ex.ToString)
    End Try
End Sub

There will be a Logout, which when clicked i will set the Session to Null and then redirect them to the login page once again. so when they click logout this happens

 Session("Username") = vbNull
        Response.Redirect("Login.aspx", False)

When i run the code, i get this NullReference exception image here Obviously either i'm initializing the object wrong, or i'm just using it straight the wrong way. But all this works with C#. Please help.

Improve this question
4
  • try to convert Convert.ToString(System.Web.HttpContext.Current.Session["Username"]) (Sorry this is given in C#) it handles the null reference Commented Sep 9, 2016 at 13:02
  • @Webruster it is already converted. If you go back to read the code i gave, you will see that where the exception occurs , the end of the statement ends with ..... Session("Username").ToString Commented Sep 9, 2016 at 13:11
  • if you are using .ToString() it will lead to null reference exception if the object is null , where as this is handled if you convert using Convert.Tostring , this is what i am refering in my previous comment Commented Sep 9, 2016 at 13:29
  • If they put a comma in their password, you app will crash... Parametrize your query, and encrypt password if this is going to be used. Instead of "= vbNull" try to use "Is Nothing". Commented Sep 9, 2016 at 13:34

1 Answer 1

Reset to default
1

The problem is: when "Username" key doesn't exists, the value you get from Session is the object Nothing, not vbNull. Then Nothing ToString raises an exception. Try this:

If Session("Username") IsNot Nothing Then
    LogInStatus.Text = "logged in user " & Session("Username").ToString
Else
    Response.Redirect("Login.aspx", False)
End If

Rather than assigning vbNull you may do Session.Remove("Username") which sets the value to Nothing.

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.