hackers @ microsoft

This is supposedly about input validation, but...

For example, a web application may implement the following authorization checks:

If Request("Admin") = "True" Then
    ' Do administrative work
Else
    ' Normal user work
End If

If the developer of the application sets a variable in the cookie, such as Admin=Yes, then the application will check for the value of this Request object whenever the application has to process admin functionality.

The code should look something like Request.Cookies("Admin"). However, if the developer loosely codes the thing, and uses a shortcut like Request("Admin"), then, as stated earlier, the Request object will search for a match in QueryString, Form, Cookies, ClientCertificate and ServerVariables, in that order. The first match found dictates the value.

I get what they're trying to say: "You should really be reading the cookie value, but lazy developers end up reading it from the Request, and that's bad." But the design is wrong to begin with.

Embedding login information directly in a cookie: that's Microsoft quality.
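As an added example (not code from the quoted post or from Microsoft), here is the lookup order the post describes modelled in Python: the collection names and their order come from the post, the request and session data are constructed, and the hypothetical server-side session check stands in for the design the commentary above argues for.

```python
"""Model of the Request() lookup order described in the quoted post.

Added illustration, not ASP's real implementation: the collection order is
the one the post gives, and all request data below is constructed.
"""

# Order the unqualified Request("name") form searches, per the post.
LOOKUP_ORDER = ("QueryString", "Form", "Cookies",
                "ClientCertificate", "ServerVariables")

def request_loose(req, name):
    """Request("name"): the first collection in LOOKUP_ORDER holding name wins."""
    for collection in LOOKUP_ORDER:
        value = req.get(collection, {}).get(name)
        if value is not None:
            return value
    return None

def request_cookie_only(req, name):
    """Request.Cookies("name"): consults only the cookie collection."""
    return req.get("Cookies", {}).get(name)

def is_admin_loose(req):
    """The check as written in the post: any collection can satisfy it."""
    return request_loose(req, "Admin") == "True"

def is_admin_cookie(req):
    """Cookie-only check: a narrower source, but still a client-supplied value."""
    return request_cookie_only(req, "Admin") == "True"

def is_admin_server_side(session):
    """Hypothetical server-held session record set at login; the client sends
    only an opaque session id, never the role itself."""
    return session.get("role") == "admin"

# Constructed request: the server issued the cookie Admin=False for a normal
# user, but the same request also carries Admin=True in the query string.
TAMPERED_REQUEST = {
    "QueryString": {"Admin": "True"},
    "Form": {},
    "Cookies": {"Admin": "False"},
    "ClientCertificate": {},
    "ServerVariables": {"REMOTE_ADDR": "192.0.2.10"},
}

# Constructed server-side session for the same normal user.
NORMAL_USER_SESSION = {"user": "alice", "role": "user"}
```

Run against TAMPERED_REQUEST, the loose check grants admin because QueryString is searched before Cookies, the cookie-only check does not, and only the server-side variant ignores client-controlled data altogether.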