Results 1 to 6 of 6
  1. #1
    Join Date
    Oct 2007
    Posts
    214

    Exclamation Unanswered: Logout question help!

    Hello All,

    I have a logout button on my website that is coded

    <INPUT id=but1 name=but1 type=button onClick="self.location.href='logout.asp'" value="Logout"


    When the user clicks it it takes them to the logout page. Well, on the logout page I have

    SESSION.ABANDON

    in the code. However, once the user clicks the back button, it simply takes them back to the protected page. Is there coding that will prevent this from happening. Once the user logs out, I don't want them to be able to click back again and view the pages they had to be logged in to see.

    I've googled this, and I can't seem to find anything that will work.

  2. #2
    Join Date
    Jan 2007
    Location
    UK
    Posts
    11,434
    Provided Answers: 10
    Have a cookie to identify whether someone is authenticated and then in your session end (global.asa?) code, clear the cookie value. Ensure that on each page you check for the cookies existence.
    George
    Home | Blog

  3. #3
    Join Date
    Oct 2007
    Posts
    214
    I'm fairly new at this, so bear with me. Where would this code be inserted? Any examples of what It looks like? Thanks for your help

  4. #4
    Join Date
    Jan 2007
    Location
    UK
    Posts
    11,434
    Provided Answers: 10
    Ignore what I said about cookies, you can probably get away with nothing but session variables.

    Read more about them here: ASP Session object
    George
    Home | Blog

  5. #5
    Join Date
    Oct 2007
    Posts
    214
    I really can't find anything that makes sense to me. Once the user clicks logout, I want the session to clear and if they hit the back button they cannot see the page they were logged in on without having to log in agian. My code looks like this, where would I insert code to prevent them from hitting the back button and seeing the page they were just on?

    I am using front page. Thanks !!

    CODE:

    <%@ Language="VBScript" %>
    <% Option Explicit %>


    <%



    If Session("username") <> "TOL" Then Response.Redirect("../login_db_nav.asp")



    %>





    <html>
    <head>
    <meta http-equiv="expires" content="0" />

    <INPUT id=but1 name=but1 type=button onClick="self.location.href='logout.asp'" value="Logout"

  6. #6
    Join Date
    Jan 2007
    Location
    UK
    Posts
    11,434
    Provided Answers: 10
    After successful login:
    Code:
    <%
      Session("username") = "gvee"
    %>
    On every "secure" page
    Code:
    <%
      If Session("username") = "" Then
        Response.Redirect("denied.asp")
      End If
    %>
    On log out:
    Code:
    <%
      Session.Abandon
      'OR
      Session.Contents.RemoveAll()
      'OR
      Session("username") = ""
    %>
    George
    Home | Blog

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •