Classic ASP BasicsFor beginner programmers starting with "classic" ASP 3, pre-".NET." NOT for ASP.NET 1.0, 1.1, or 2.0
Welcome to the p2p.wrox.com Forums.
You are currently viewing the Classic ASP Basics section of the Wrox Programmer to Programmer discussions. This is a community of tens of thousands of software programmers and website developers including Wrox book authors and readers. As a guest, you can read any forum posting. By joining today you can post your own programming questions, respond to other developers’ questions, and eliminate the ads that are displayed to guests. Registration is fast, simple and absolutely free .
I have a "restricted page" (for users that made their login correctly) where I put a form with a button "logout". When the user press it, I redirect "him" to the (not restricted) homepage but... if he uses his "back" browser-possibility or if he copy/paste the restricted-page URL he will be able to enter the restricted area again, without need to login again. (I don´t like this.)
I know that the Session.Abandon() could be used but if I do (the way I did) , I cannot send this user (while in the restricted page) to the "Change Password/Login" link/page included/associated because before getting "there" his session is already lost...
Well, I have already tried to study the following link:
Thanks for answering to my posting in this forum, too!
Here we are, again!
> If you have a complete separate Logout page that does nothing more than kill the session and redirect, you should be fine.
I didn´t create something like that. (Shame on me!) When the user is in a "report his-eyes-only page" (restricted) , he is able to press the logout button. Pressing it, I redirect him to the homepage, not to the login one. (I was killing the session INSIDE the "report his-eyes-only page" , right before that and... that was very silly because of the "Change Login/Password" link mentioned.)
Your idea is perfect! I should redirect him to an intermediary page that has the only purpose of killing the session and redirecting him to the homepage!!!
I hope you got the picture. Anyway, you solved my problem, I am sure!
I will do as you suggested. Thank you very much for your help!
It all went well, accordingly to your instructions.
The only small detail missing (that I would like to implement) is the following:
After the user logouts and after he is redirected to the login page (or to the homepage) , he is still able to "go back" to his protected page, simply clicking in the "Back" button on the Internet Explorer! I would like to avoid that. (The ideal situation, it seems to me, would be that "when he logouts, the only possible way to see the protected page again is doing another login".)
To solve that, I tried to use
as suggested in another posting related to all these matters. It didn´t work!