Implementing logout functionality for web application
-
Hii, I have been using session variables to maintain the session of a particular user accessing the application. And on logout, i clear out all sessions and redirect it to login page. But it doesn't work, since with the help of a browsers back button u can still perform all operations on the appication. I would like to know the best possible solution for logout functionality. A user after logout should not be able to access the app even through browsers back button. :doh:
Aspiring Techie, Vishnu Nath
-
Hii, I have been using session variables to maintain the session of a particular user accessing the application. And on logout, i clear out all sessions and redirect it to login page. But it doesn't work, since with the help of a browsers back button u can still perform all operations on the appication. I would like to know the best possible solution for logout functionality. A user after logout should not be able to access the app even through browsers back button. :doh:
Aspiring Techie, Vishnu Nath
-
Hi , Are you able to preform operation if you go to the page by browser back button even after logout.If yes,it shows that you have not check whether the session expires in each page.
Could you please elaborate on how can i check for session expiration. I used to check for session.IsNewSession on each page. But even that couldn't help, hence would like to know how can i implement session expiration in every page.
Aspiring Techie, Vishnu Nath
-
Could you please elaborate on how can i check for session expiration. I used to check for session.IsNewSession on each page. But even that couldn't help, hence would like to know how can i implement session expiration in every page.
Aspiring Techie, Vishnu Nath
Your login should be stored in the session. You don't need to write some code to expire the session in every page, just set the value you check to null, when someone logs out.
Christian Graus Driven to the arms of OSX by Vista. Read my blog to find out how I've worked around bugs in Microsoft tools and frameworks.
-
Could you please elaborate on how can i check for session expiration. I used to check for session.IsNewSession on each page. But even that couldn't help, hence would like to know how can i implement session expiration in every page.
Aspiring Techie, Vishnu Nath
-
Could you please elaborate on how can i check for session expiration. I used to check for session.IsNewSession on each page. But even that couldn't help, hence would like to know how can i implement session expiration in every page.
Aspiring Techie, Vishnu Nath
Vishnu Nath wrote:
Could you please elaborate on how can i check for session expiration. I used to check for session.IsNewSession on each page.
if(Session["UserID"] != null)
{
//Do Operation
}
else
{
Response.Redirect("Login.aspx");
}Abhijit Jana | Codeproject MVP Web Site : abhijitjana.net Visit My Latest Article : Beginner's Guide : Exploring IIS 6.0 With ASP.NET
-
Hii, I have been using session variables to maintain the session of a particular user accessing the application. And on logout, i clear out all sessions and redirect it to login page. But it doesn't work, since with the help of a browsers back button u can still perform all operations on the appication. I would like to know the best possible solution for logout functionality. A user after logout should not be able to access the app even through browsers back button. :doh:
Aspiring Techie, Vishnu Nath
Make all the session variables null before logout.
modified on Thursday, October 8, 2009 4:04 AM
-
Vishnu Nath wrote:
Could you please elaborate on how can i check for session expiration. I used to check for session.IsNewSession on each page.
if(Session["UserID"] != null)
{
//Do Operation
}
else
{
Response.Redirect("Login.aspx");
}Abhijit Jana | Codeproject MVP Web Site : abhijitjana.net Visit My Latest Article : Beginner's Guide : Exploring IIS 6.0 With ASP.NET
Abhijit Jana wrote:
if(Session["UserID"] != null) { //Do Operation } else { Response.Redirect("Login.aspx"); }
This is only valid if a session for that variable was created and you are checking for its value. But if someone requests this page directly, it will throw an error stating Object refrence not set.
Aspiring Techie, Vishnu Nath
-
Abhijit Jana wrote:
if(Session["UserID"] != null) { //Do Operation } else { Response.Redirect("Login.aspx"); }
This is only valid if a session for that variable was created and you are checking for its value. But if someone requests this page directly, it will throw an error stating Object refrence not set.
Aspiring Techie, Vishnu Nath
Please read this : Exploring Session in ASP.Net[^]
Abhijit Jana | Codeproject MVP Web Site : abhijitjana.net Visit My Latest Article : Beginner's Guide : Exploring IIS 6.0 With ASP.NET
-
Abhijit Jana wrote:
if(Session["UserID"] != null) { //Do Operation } else { Response.Redirect("Login.aspx"); }
This is only valid if a session for that variable was created and you are checking for its value. But if someone requests this page directly, it will throw an error stating Object refrence not set.
Aspiring Techie, Vishnu Nath
Buy a really basic book and read it. The code is CHECKING if the value is null.
Christian Graus Driven to the arms of OSX by Vista. Read my blog to find out how I've worked around bugs in Microsoft tools and frameworks.
-
Buy a really basic book and read it. The code is CHECKING if the value is null.
Christian Graus Driven to the arms of OSX by Vista. Read my blog to find out how I've worked around bugs in Microsoft tools and frameworks.
Thanx for your suggestion and advice, will surely do the same. I have implemented my own logic on it. :)
Aspiring Techie, Vishnu Nath
-
Thanx for your suggestion and advice, will surely do the same. I have implemented my own logic on it. :)
Aspiring Techie, Vishnu Nath
What logic u applied.Beacuse back button take page from cache.so it take old session value. so to avoid this wat u did? I also want to know
-
Thanx for your suggestion and advice, will surely do the same. I have implemented my own logic on it. :)
Aspiring Techie, Vishnu Nath
What was the Wrong with CG's Answer ?
Abhijit Jana | Codeproject MVP Web Site : abhijitjana.net Visit My Latest Article : Beginner's Guide : Exploring IIS 6.0 With ASP.NET
-
What was the Wrong with CG's Answer ?
Abhijit Jana | Codeproject MVP Web Site : abhijitjana.net Visit My Latest Article : Beginner's Guide : Exploring IIS 6.0 With ASP.NET
No he wasn't wrong. I had a bit concern, if a user tries to access the page directly, without following the normal routine, then the session variable which i would be checking on my page, would never have existed. Hence i put out a check over there nd followed with the rest of the suggestions provided by all of u.
Aspiring Techie, Vishnu Nath
-
What logic u applied.Beacuse back button take page from cache.so it take old session value. so to avoid this wat u did? I also want to know
U r right. And to stop a user accessing a page even after logout, i simply disabled the browsers back button after logout through javascript.
Aspiring Techie, Vishnu Nath
-
Make all the session variables null before logout.
modified on Thursday, October 8, 2009 4:04 AM
Thanks for everyone's active participation in helping me. :)
Aspiring Techie, Vishnu Nath
-
U r right. And to stop a user accessing a page even after logout, i simply disabled the browsers back button after logout through javascript.
Aspiring Techie, Vishnu Nath
U means u disable ur back button in ur whole project.
-
What was the Wrong with CG's Answer ?
Abhijit Jana | Codeproject MVP Web Site : abhijitjana.net Visit My Latest Article : Beginner's Guide : Exploring IIS 6.0 With ASP.NET
cgs ans not wrong but if we hav secure page in our site. user can view secure information