How to restrict a user getting access to pages after logout
-
Hi there,

Here's a scenario: There's a public computer where many people log in to their bank accounts and do some online billpay. Assuming every individual remembers to log out, most people don't normally bother to close the browser before they leave. Once logged out, I want to restrict other users from viewing pages that have just been visited by the user before him/her.

My problem is, in my web application if a user doesn't close the browser after logging out, the next user can simply click the Back button and be able to view that individual's account info!!! Not only that, one can just type in the filename on the navigation bar (eg: www.abcbank.com/myaccount.aspx) and get access to the page that has recently been viewed.

How do I prevent this? (This doesn't happen once the browser is closed. The back button is disabled and when I type in the above mentioned url, it redirects me to login.aspx page as expected!)

Suggestions please!!! This is so critical! Thanks a million.

Anjani Shiwakoti
Computer programs and social cultures are the same.
-
Dear Anjani,

The solution to your problem is a session variable. You need to create a session when the user logs in to his account; a session will start, and then the user will check his balances and related info. When a page loads, it first of all checks for the login session: if the user is logged in, the page will open; if the user has logged out, the page will not open. :^) Every time, the page will check for the session; if the session has expired, the page will not open and will request a re-login.

Rgds,
Muhammad Nadeem.
-
Hi Muhammad,

Thanks for the tip, but I have already created a session variable in my login.aspx page. And on successful login, I am also able to display the username stored in the session variable on other pages. Here's a subroutine that I used in my login.aspx:

    Sub Submit_Click(s As Object, e As EventArgs)
        If Page.IsValid Then
            If (Authenticate(Username.Text, Passwrd.Text) = 1) Then
                ' Remember who logged in, then issue the forms-auth cookie
                Session("sessionUsername") = Request("Username")
                System.Web.Security.FormsAuthentication.SetAuthCookie(Username.Text, False)
                System.Web.Security.FormsAuthentication.RedirectFromLoginPage(Username.Text, False)
            Else
                lblDisplayMessage.Text = "Invalid Username or Password."
            End If
        End If
    End Sub

And here's a subroutine from my logout.aspx:

    Private Sub Page_Load(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles MyBase.Load
        ' Drop the server-side session and the forms-auth cookie
        Session.Abandon()
        System.Web.Security.FormsAuthentication.SignOut()
    End Sub

Could you please suggest if I can do anything else to make my site work better and more secure? How come I can still go back to previously viewed pages even after I log out? How come I can still type in the URL and view that page? Do I have to create a session variable in web.config as well? Here's a snippet:

Thanks,
Anjani
Computer programs and social cultures are the same.
-- modified at 20:18 Saturday 14th January, 2006
-
You are able to view the previous page because that page is in the web browser's cache. At the time of logout, clear the cache. This may help.
abhinav
OK, if you are already creating a session, and when you log off from your account you dispose of or abandon the session, you have to write the below-mentioned code in every page's Load event:

    ' No username in the session: send the visitor to the login page
    If Session("uname") = "" Then
        Server.Transfer("login.aspx")
    Else
        lblmsg.Text = " Well Come to " & Session("uname")
    End If

When the page loads, it will check for the username: if the user is logged in, the page will show; otherwise the page will not show and control will be transferred to the login.aspx page.

Regards,
Muhammad Nadeem.
-
See the following link; I used that once. http://dotnet-magic.blogspot.com/2009/04/how-to-restrict-user-getting-access-to.html
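
The two suggestions made in the replies above (abhinav's point about the browser cache and Muhammad Nadeem's per-page session check) can be combined in one place. The following is an added example, not code posted by anyone in this thread. The class name SecurePage is hypothetical, the session key "sessionUsername" is taken from Anjani's login code, and "ASP.NET_SessionId" is assumed to be the session cookie name (the ASP.NET default).

```vb
Imports System
Imports System.Web
Imports System.Web.Security
Imports System.Web.UI

' Hypothetical base class: every protected page (e.g. myaccount.aspx)
' inherits from this instead of System.Web.UI.Page.
Public Class SecurePage
    Inherits Page

    Protected Overrides Sub OnInit(ByVal e As EventArgs)
        ' 1. Server-side gate: never render account data without a valid
        '    forms-auth ticket AND the session value set at login.
        If Not Request.IsAuthenticated OrElse Session("sessionUsername") Is Nothing Then
            FormsAuthentication.RedirectToLoginPage()
            Response.End() ' RedirectToLoginPage alone does not stop the page
        End If

        ' 2. Tell the browser and any proxy not to keep a copy, so Back or
        '    retyping the URL after logout goes to the server again.
        Response.Cache.SetCacheability(HttpCacheability.NoCache)
        Response.Cache.SetNoStore()
        Response.Cache.SetExpires(DateTime.UtcNow.AddYears(-1))
        Response.Cache.SetRevalidation(HttpCacheRevalidation.AllCaches)

        MyBase.OnInit(e)
    End Sub
End Class

' Code-behind for logout.aspx
Public Class Logout
    Inherits Page

    Private Sub Page_Load(ByVal sender As Object, ByVal e As EventArgs) Handles MyBase.Load
        ' Drop server-side state and the forms-auth cookie.
        Session.Clear()
        Session.Abandon()
        FormsAuthentication.SignOut()

        ' Expire the session-id cookie so the old id is not sent again.
        Dim expired As New HttpCookie("ASP.NET_SessionId", "")
        expired.Expires = DateTime.UtcNow.AddYears(-1)
        Response.Cookies.Add(expired)

        FormsAuthentication.RedirectToLoginPage()
    End Sub
End Class
```

The cache headers only apply to responses served after they are in place; the check at the top of OnInit is what keeps account data from being rendered once the session is gone.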