Results 1 to 3 of 3

Thread: Session problem

  1. #1
    Join Date
    Nov 2005
    Location
    San Francisco, CA
    Posts
    506

    Red face Unanswered: Session problem

    Hi,
    I am having a problem while craeting session.Plz help me if u can.
    I have an admin page......which has a password...This admin page is the gateway to enter the main menu ,where one can add,delete,update different section of data.As for example...Region,Dealer etc.
    I want to create a session for individual user who will log in.

    What I am doing is ...In global.asa file

    Sub Session_OnStart()

    session("sessionid")=Session.SessionID

    end sub

    And I am checking this session_id variable in start of each page as...

    <%
    response.Write(session("sessionid"))
    if not session.SessionID=session("sessionid") then
    server.Transfer("logoutscreen.asp")
    end if
    %>

    In in logout.asp I wrote..
    <%

    session("sessionid")=""
    session.Abandon()

    server.Transfer("logoutscreen.asp")


    %>

    But when I press the back button of IE its taking me back to the previous pages ,where a new session id is created.
    I want to stop this.
    I want when a user will click logout ,he will not able to view any pages by back button.
    Please help me to solve this problem.
    Thanks in advance.
    Joydeep

  2. #2
    Join Date
    Nov 2003
    Location
    Christchurch, New Zealand
    Posts
    1,618
    three things,

    one is content expiry/disabling caching.....

    two, add a javascript event to the page load of your pages that forces them forward through their history so if they try and go back it doesn't help.

    the other is don't use the session id as the item to identify if they have logged in. a session is created when any user attempts of connect to the website. it is not a indication that they have logged in. You need to create your own session variables eg. UserAuthenicated and give those values.

    In your session on start you set UserAuthenicated to false. When they successfully log in you set it to true. When the session is abandoned it gets wiped. If they go back through the pages a new session will be created but UserAuthenicated will have been reset to false.

  3. #3
    Join Date
    Nov 2005
    Location
    San Francisco, CA
    Posts
    506
    hi Rokslide,
    Thanks a lot for the help.It worked fine.
    Joydeep

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •