how to make security logout

**karthi84** · Jan 4 '07, 07:26 AM

hi,
i think this code sample should help u.

Code:

<%Response.Expires = -1 %>
<%Response.ExpiresAbsolute = Now() - 1 %>
<%Response.AddHeader "pragma", "no-cache" %>
<%Response.AddHeader "cache-control", "private" %>
<%Response.CacheControl = "no-cache" %>

add this code at the top of the authenticated page.

regards....

**sashi** · Jan 4 '07, 08:07 AM

Originally posted by subashini Thiyagarajan

when logout pressed the session should expire how to do?

how in yahoo after logging out even if we press browser back it shows to login page like that how to make.

Hi there,

Another option will be to ditch the current session, kindly refer to below sample code segment, hope it helps. Good luck & Take care.

Code:

<% Session.Abandon %>

p.s/ Make sure to call this method on the last page, any active session / value active during this method call will be set to zero.

**subashini Thiyagarajan** · Jan 4 '07, 08:44 AM

Both options are failed for me.i could go back and view the previous pages.
I am new to ASP what other things i need to concentrate.i am not sucessful in security log out.please explain me.how to do?

**sashi** · Jan 4 '07, 09:52 AM

Originally posted by subashini Thiyagarajan

Both options are failed for me.i could go back and view the previous pages.
I am new to ASP what other things i need to concentrate.i am not sucessful in security log out.please explain me.how to do?

Hi there,

I wonder why you always jump into conclusions. Understand <Sessions> in ASP first. Sessions are always active as long as your browser window is active. So, close the browser and try to open the same page again, see what happens now.

What is the logic in your Auth page? Kindly refer to below sample, hope you understand better now. Good luck & Take care.

Auth page (login)

Code:

  If <'username & password successfully validated'> Then
     Session("IsLoggedIn") = "yes"
  End If

Add this statement on top of every page that you wish to protect

Code:

  If Session("IsLoggedIn") <> "yes" Then
    Response.Redirect "acess_denied.asp"
  End If

p.s/ Hope you understand better now.

**subashini Thiyagarajan** · Jan 4 '07, 11:09 AM

Yes it works well.thanks a lot...........

but.......

if i choose any page in between login and logout it is not allowing as you explained it is redirecting to the session expired page..

after pressing logout,it means original user logged out.now new user sits in the system and trying to access the data by pressing back button in browser.how to restrict this.

**sashi** · Jan 5 '07, 07:31 AM

Originally posted by subashini Thiyagarajan

Yes it works well.thanks a lot...........

but.......

if i choose any page in between login and logout it is not allowing as you explained it is redirecting to the session expired page..

after pressing logout,it means original user logged out.now new user sits in the system and trying to access the data by pressing back button in browser.how to restrict this.

Hi there,

You can make use of several sessions to check on certain status, kindly refer to below sample code segment, hope it helps. Good luck & Take care.

Auth page

Code:

  If <'username & password successfully validated'> Then
     Session("IsLoggedIn") = "yes"
     Session("strUsername") = <username as per in database>
  End If

Add this statement on top of every page that you wish to protect

Code:

  If Session("IsLoggedIn") <> "yes" OR Session("strUsername") = vbNullString Then
    Response.Redirect "acess_denied.asp"
  End If

how to make security logout

how to make security logout

Comment

Comment

Comment

Comment

Comment

Comment