login with security code

Set a session variable in the calling file called:-

Session("lngSecurityCode")

Then use the following to call the file security_images.asp that displays the image:-

<img src="security_image.asp?I=1&<% = hexValue(4) %>" /><img src="security_image.asp?I=2&<% = hexValue(4) %>" /><img src="security_image.asp?I=3&<% = hexValue(4) %>" /><img src="security_image.asp?I=4&<% = hexValue(4) %>" /><img src="security_image.asp?I=5&<% = hexValue(4) %>" /><img src="security_image.asp?I=6&<% = hexValue(4) %>" />

The I=x part tells the image file which part of the session variable to look at so it knows which image to show.

The <% = hexValue(4) %> calles a function in the functions_common.asp file that produces a value to stop browsers caching the image

You then in the page it is sent to call the session variable Session("lngSecurityCode") and check it matches the input value.

Hey, Why don't you make it like the way VeriSign does (security code). Take a look @ it on netsol.com and click on whois. Try whois a domain (e.x.:webwiz.net) and the next step they give you a security code. They look more promising. And I think you should make security code alpha numeric. Six charecters with a background. The log in page should me much more simple. You know what I mean, take off those 2 options like remember me and Add me to active user list. By default keep this option: "NO to remember me" ad "add YES to add me to active user list. THe login page would look a whole lot simpler. Much beter. It would look much like a login page than a sign up form.

Edited by anilxp

Borg,

I notice that you don't actually use the security code on this live forum.

I'm curious what you feel we should think about when deciding whether or not to use it.  Why did you decide not to turn it on?

Thanks,