HI
I have login.aspx page
these are login.aspx page behind code
int count = Convert.ToInt32(_cmd.ExecuteScalar());
if (count > 0)
{
Session["Login"] = true;
Response.Redirect("Managers.aspx?BehCode=" + Server.UrlEncode(Txtbeh.Text));
}
else
{
Session["MessageError"] = true;
lblcap.Visible = false;
}
}
and MAnager.aspx code
Response.Cache.SetCacheability(HttpCacheability.NoCache);
if (Session["Login"] == null)
{
Response.Redirect("login.aspx");
}
So here when I go to login page and type username and password it go to manager.aspx page and in addressbar we can see below url:
http://behtop.com/Managers.aspx?BehCode=1115
when I copy above code and paste it in newtab it didn't go to managers.aspx page it redirect to login.aspx page Until now every thing is right.
but there is some problem when I login i.e with behcode=1115 it go to managers.aspx page and show user's information with behcode=1115(here behcode is like username)
and when in that page (user's with behcode=1115) I click in address bar and chang url address like below
http://behtop.com/Managers.aspx?BehCode=1113
I mean I just chang behcode=1113 in address bar it go to related page I mean it go to managers.aspx page and show user's with behcode=1113 information????
so for solving this problem what can I do ???
here every users can access other users information just with changing behcode in addressbar.
BestREgards
