Session logout problem
-
Hi, I m working on an asp.net c# website. I have used session to maintain user login. Now the problem is when user clicks logout I have removed the session variables value and redirected user to a default page. Now when the user clicks back button of the browser he is again inside that website which is supposed to be used after login. Is there any solution for this ? Regards
Vijay V. Yash Softech
-
It will work but I dont think its a good practice. Regards
Vijay V. Yash Softech
-
Brij, I think it will not be a parmanent soluation . Any idea to resolve ?
cheers, Abhijit
-
Brij, I think it will not be a parmanent soluation . Any idea to resolve ?
cheers, Abhijit
Trying to find out. Regards
Vijay V. Yash Softech
-
Trying to find out. Regards
Vijay V. Yash Softech
you can use window.history.forward(1); to disallow the back button to be clicked ... whenever session expires.. Just after redirect, place this script to the login.aspx.
Abhishek Sur
-
you can use window.history.forward(1); to disallow the back button to be clicked ... whenever session expires.. Just after redirect, place this script to the login.aspx.
Abhishek Sur
Will it be solve the actual purpose , (remove cache from browser ) ?
cheers, Abhijit
-
Sumit has given the correct solution. you have to use Session.Abondan(). it will remove all session and set them to null. if this is your logout code
public void logout() { Session.Abondan(); Response.Redirect("Login.aspx"); }Now it will redirect to Login page. now if user click on Back Button of browser , it will again back to your last page, so you have to check the session on page load checkif(Session["UserName"] == null ) { response.redirect("Login.aspx"); } else { // User with valid session }so this will again redirect to your login page even if user click on back button.cheers, Abhijit
Abhijit Jana wrote:
so this will again redirect to your login page even if user click on back button.
NO. When you press back button, no request is made by the browser for the page.It just loads from the cache. So page_load code won't get execute.
Navaneeth How to use google | Ask smart questions
-
Brij, I think it will not be a parmanent soluation . Any idea to resolve ?
cheers, Abhijit
There is no permanent solution available.
Navaneeth How to use google | Ask smart questions
-
Hi, I m working on an asp.net c# website. I have used session to maintain user login. Now the problem is when user clicks logout I have removed the session variables value and redirected user to a default page. Now when the user clicks back button of the browser he is again inside that website which is supposed to be used after login. Is there any solution for this ? Regards
Vijay V. Yash Softech
VijayVishwakarma wrote:
Is there any solution for this ?
No reliable solutions are available. When you press back button, browser loads the previous page from it's cache. It won't request for that page again. Some JS can forward the page when back button is pressed, but again it is not reliable as JS can be turned off. If you are very much concerned about users viewing the page, I suggest to use popup window for displaying all your secure pages. Once user logs out, close that popup. Also ensure that your webpages are not accessible when user has turned off JS.
Navaneeth How to use google | Ask smart questions
-
you can use window.history.forward(1); to disallow the back button to be clicked ... whenever session expires.. Just after redirect, place this script to the login.aspx.
Abhishek Sur
This isnt the best solution. The problem is that you shouldnt be trying to disable areas of the browser because no matter what, if a user wants to and knows how they will be able to use every feature of the browser they wish to. You should be building a better web app so it doesnt matter if the user hits the back button in the browser.
Deliver yesterday, code today, think tomorrow. "http://www.heuse.com/cphumor.htm"
-
Hi, I m working on an asp.net c# website. I have used session to maintain user login. Now the problem is when user clicks logout I have removed the session variables value and redirected user to a default page. Now when the user clicks back button of the browser he is again inside that website which is supposed to be used after login. Is there any solution for this ? Regards
Vijay V. Yash Softech
Check this article out: BackButton
Deliver yesterday, code today, think tomorrow. "http://www.heuse.com/cphumor.htm"
-
Hi, I m working on an asp.net c# website. I have used session to maintain user login. Now the problem is when user clicks logout I have removed the session variables value and redirected user to a default page. Now when the user clicks back button of the browser he is again inside that website which is supposed to be used after login. Is there any solution for this ? Regards
Vijay V. Yash Softech
There are many alternatives to it not the exact solution 1. When User clicks log out button close the browser after resetting the session. 2. After logged out also when user clicks back browser button then you could see the last page visited when user was logged in But this page comes from Cache no server side request has sent So no worry if you are checking user credentials in every page he won't be able to do any thing I think just remove Cache ok even if he refresh the Page then he should redirect to default log in Page Hope i am able to explain it
Thanks and Regards Sandeep If If you look at what you do not have in life, you don't have anything, If you look at what you have in life, you have everything... " Check My Blog
-
This isnt the best solution. The problem is that you shouldnt be trying to disable areas of the browser because no matter what, if a user wants to and knows how they will be able to use every feature of the browser they wish to. You should be building a better web app so it doesnt matter if the user hits the back button in the browser.
Deliver yesterday, code today, think tomorrow. "http://www.heuse.com/cphumor.htm"
Can this be managed using cookies? Coz the sites like gmail uses cookies to handle login and once you logout they wont allow you to login again. Am I thinking right? Any suggestion? Regards
Vijay V. Yash Softech
-
Hi, I m working on an asp.net c# website. I have used session to maintain user login. Now the problem is when user clicks logout I have removed the session variables value and redirected user to a default page. Now when the user clicks back button of the browser he is again inside that website which is supposed to be used after login. Is there any solution for this ? Regards
Vijay V. Yash Softech
Put this in your Page Load event : Response.Expires = 0; Response.ExpiresAbsolute = DateTime.Now;
-
Put this in your Page Load event : Response.Expires = 0; Response.ExpiresAbsolute = DateTime.Now;
Apologies to bother you but can you please brief me where? On which page? Regards
Vijay V. Yash Softech
-
Apologies to bother you but can you please brief me where? On which page? Regards
Vijay V. Yash Softech
You can place it on all the pages you are using in the Page Load event. (probably could to this in the HttpModule) protected void Page_Load(object sender, EventArgs e) { Response.Expires = 0; Response.ExpiresAbsolute = DateTime.Now; if (Session["User"] != null) { //some other code... } else { //Redirect to Login Page } } The on the Logout button if the Sessions are "Abandoned" and the user tries navigating Back to this page he will be re-directed (asked for login credentials)... Hope this helps
-
You can place it on all the pages you are using in the Page Load event. (probably could to this in the HttpModule) protected void Page_Load(object sender, EventArgs e) { Response.Expires = 0; Response.ExpiresAbsolute = DateTime.Now; if (Session["User"] != null) { //some other code... } else { //Redirect to Login Page } } The on the Logout button if the Sessions are "Abandoned" and the user tries navigating Back to this page he will be re-directed (asked for login credentials)... Hope this helps
thanks for the reply. But this too is not working. I have added the code in the page load and on logout have used Session.Abandon(). After logout I tried back button its again in. Only IE is not allowing the user to go back in but other browsers like Mozilla, Opera are allowing to go back in however I cannot do anything but I dont want user to go in after loggin out.
Vijay V. Yash Softech
-
thanks for the reply. But this too is not working. I have added the code in the page load and on logout have used Session.Abandon(). After logout I tried back button its again in. Only IE is not allowing the user to go back in but other browsers like Mozilla, Opera are allowing to go back in however I cannot do anything but I dont want user to go in after loggin out.
Vijay V. Yash Softech
One thing I noticed that page load is not called when User presses the back button.So this means the page load is not called when a browsers back button is pressed. And thus the code to check Session value is not called and the user is in. May be I have to use the Session code on any other page function. Can anyone suggest me on this? Regards
Vijay V. Yash Softech
-
One thing I noticed that page load is not called when User presses the back button.So this means the page load is not called when a browsers back button is pressed. And thus the code to check Session value is not called and the user is in. May be I have to use the Session code on any other page function. Can anyone suggest me on this? Regards
Vijay V. Yash Softech
I noticed that too.. Mozilla is a strange animal :) What I found that could possibly work is to add javascript function on the document Onload event... onload="CheckSessions()" then through your javascript function click some hidden server button to re check the sessions (this will cause a Postback). function CheckSessions() { document.getElementById("btnCheck").click(); } This is a bit of a hack but it works... javascript fires even after navigating back... PS: I noticed that the navigating doesnt call the Page_Load or Page_Init :(
-
I noticed that too.. Mozilla is a strange animal :) What I found that could possibly work is to add javascript function on the document Onload event... onload="CheckSessions()" then through your javascript function click some hidden server button to re check the sessions (this will cause a Postback). function CheckSessions() { document.getElementById("btnCheck").click(); } This is a bit of a hack but it works... javascript fires even after navigating back... PS: I noticed that the navigating doesnt call the Page_Load or Page_Init :(
ooops that will go into an infinite loop :-O