Wrox Programmer Forums

Need to download code?

View our list of code downloads.

Register | FAQ | Members List | Calendar | Search | Today's Posts | Mark Forums Read
Classic ASP Basics For beginner programmers starting with "classic" ASP 3, pre-".NET." NOT for ASP.NET 1.0, 1.1, or 2.0
Welcome to the p2p.wrox.com Forums.

You are currently viewing the Classic ASP Basics section of the Wrox Programmer to Programmer discussions. This is a community of tens of thousands of software programmers and website developers including Wrox book authors and readers. As a guest, you can read any forum posting. By joining today you can post your own programming questions, respond to other developers’ questions, and eliminate the ads that are displayed to guests. Registration is fast, simple and absolutely free .
DRM-free e-books 300x50
Reply
 
Thread Tools Display Modes
  #1 (permalink)  
Old October 25th, 2005, 12:09 PM
Authorized User
 
Join Date: Jan 2005
Location: Sao Paulo, SP, Brazil.
Posts: 54
Thanks: 0
Thanked 0 Times in 0 Posts
Default Logout and Session.Abandon()


Hello Everyone!

I have a "restricted page" (for users that made their login correctly) where I put a form with a button "logout". When the user press it, I redirect "him" to the (not restricted) homepage but... if he uses his "back" browser-possibility or if he copy/paste the restricted-page URL he will be able to enter the restricted area again, without need to login again. (I don´t like this.)

I know that the Session.Abandon() could be used but if I do (the way I did) , I cannot send this user (while in the restricted page) to the "Change Password/Login" link/page included/associated because before getting "there" his session is already lost...

Well, I have already tried to study the following link:

http://p2p.wrox.com/topic.asp?TOPIC_ID=19463

and it is, in fact, VERY related to all that. I am afraid it is too unclear/difficult to me. I could not implement those suggestions.

Could anyone give me advice and/or other references?

Thanks in advance!
fskilnik

Reply With Quote
  #2 (permalink)  
Old October 25th, 2005, 02:06 PM
Imar's Avatar
Wrox Author
Points: 66,975, Level: 100
Points: 66,975, Level: 100 Points: 66,975, Level: 100 Points: 66,975, Level: 100
Activity: 100%
Activity: 100% Activity: 100% Activity: 100%
 
Join Date: Jun 2003
Location: Utrecht, Netherlands.
Posts: 16,177
Thanks: 65
Thanked 1,401 Times in 1,381 Posts
Default

I am not sure I understand. If you have a complete separate Logout page that does nothing more than kill the session and redirect, you should be fine.

Why would a user not be able to go to Login page again after a call to logout? Logout isn't protected, is it?

Can you provide more details? Maybe show some code?

Imar---------------------------------------
Imar Spaanjaars
Everyone is unique, except for me.
Reply With Quote
  #3 (permalink)  
Old October 25th, 2005, 02:42 PM
Authorized User
 
Join Date: Jan 2005
Location: Sao Paulo, SP, Brazil.
Posts: 54
Thanks: 0
Thanked 0 Times in 0 Posts
Default

Hi there, Imar! :)

Thanks for answering to my posting in this forum, too!

Here we are, again!

> If you have a complete separate Logout page that does nothing more than kill the session and redirect, you should be fine.

I didn´t create something like that. (Shame on me!) When the user is in a "report his-eyes-only page" (restricted) , he is able to press the logout button. Pressing it, I redirect him to the homepage, not to the login one. (I was killing the session INSIDE the "report his-eyes-only page" , right before that and... that was very silly because of the "Change Login/Password" link mentioned.)

Your idea is perfect! I should redirect him to an intermediary page that has the only purpose of killing the session and redirecting him to the homepage!!!

I hope you got the picture. Anyway, you solved my problem, I am sure!

I will do as you suggested. Thank you very much for your help!

Best Regards,
Fábio.






Reply With Quote
  #4 (permalink)  
Old October 25th, 2005, 02:53 PM
Imar's Avatar
Wrox Author
Points: 66,975, Level: 100
Points: 66,975, Level: 100 Points: 66,975, Level: 100 Points: 66,975, Level: 100
Activity: 100%
Activity: 100% Activity: 100% Activity: 100%
 
Join Date: Jun 2003
Location: Utrecht, Netherlands.
Posts: 16,177
Thanks: 65
Thanked 1,401 Times in 1,381 Posts
Default

Yeah, exactly. A separate page with no UI is probably the best thing to do:

1. Your protected page (or maybe on the menu through an include)
Code:
<a href="Logout.asp">Logout</asp>
2. Logout.asp
Code:
<%
  Session.Abandon()
  Response.Redirect("/")
%>
should do the trick.

Cheers,

Imar
---------------------------------------
Imar Spaanjaars
Everyone is unique, except for me.
Reply With Quote
  #5 (permalink)  
Old October 25th, 2005, 03:46 PM
Authorized User
 
Join Date: Jan 2005
Location: Sao Paulo, SP, Brazil.
Posts: 54
Thanks: 0
Thanked 0 Times in 0 Posts
Default


Thanks, Imar!

It all went well, accordingly to your instructions.

The only small detail missing (that I would like to implement) is the following:

After the user logouts and after he is redirected to the login page (or to the homepage) , he is still able to "go back" to his protected page, simply clicking in the "Back" button on the Internet Explorer! I would like to avoid that. (The ideal situation, it seems to me, would be that "when he logouts, the only possible way to see the protected page again is doing another login".)

To solve that, I tried to use

<% onload="javascript:history.go(1)" %>

as suggested in another posting related to all these matters. It didn´t work!

Could you help me on that? Thanks a lot!

Regards,
Fábio.

Reply With Quote
  #6 (permalink)  
Old October 25th, 2005, 03:57 PM
Imar's Avatar
Wrox Author
Points: 66,975, Level: 100
Points: 66,975, Level: 100 Points: 66,975, Level: 100 Points: 66,975, Level: 100
Activity: 100%
Activity: 100% Activity: 100% Activity: 100%
 
Join Date: Jun 2003
Location: Utrecht, Netherlands.
Posts: 16,177
Thanks: 65
Thanked 1,401 Times in 1,381 Posts
Default

onload is an HTML attribute that fires JavaScript, so it should be applied to the body:

<body onload="history.go(1);">

However, you could use try this at the top of the page:
Code:
<%
Response.Expires = -1
%>
This forces (usually) the browser to rerequest the page, resulting in a redirect to the login page (that is, if your protection scheme works OK).

Cheers,

Imar
---------------------------------------
Imar Spaanjaars
Everyone is unique, except for me.
Reply With Quote
  #7 (permalink)  
Old October 25th, 2005, 05:17 PM
Authorized User
 
Join Date: Jan 2005
Location: Sao Paulo, SP, Brazil.
Posts: 54
Thanks: 0
Thanked 0 Times in 0 Posts
Default


I´m back, Imar.

Guess what...

<% Response.Expires = -1 %> didn´t work but...

<body onload="history.go(1);"> worked marvellously!! :D

It is, once more, a great pleasure to thank you very much indeed for your continuous support!

All the best,
Fábio.


Reply With Quote
Reply


Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off
Trackbacks are Off
Pingbacks are On
Refbacks are Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
session.abandon() sarah lee ASP.NET 1.0 and 1.1 Basics 4 December 11th, 2006 05:10 PM
Session.Abandon problem r_ganesh76 General .NET 13 October 4th, 2004 11:20 PM
session.abandon!! cici Classic ASP Professional 1 April 16th, 2004 12:48 PM



All times are GMT -4. The time now is 09:32 AM.


Powered by vBulletin® Version 3.7.0
Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
© 2013 John Wiley & Sons, Inc.