hi experts,
I have a serious problem with FormsAuthentication. Any help would be appreciated.
I have a login.aspx page that forces the user to authenticate and if the the password and the username are valid it uses FormsAuthentication.SetAuthCookie (intID, false) and Response.redirect("datalist.aspx") to redirect them to a secret page that is to datalist.aspx. I have also a third page logout option in my secret page that uses FormsAuthentication.SignOut method. When the user logout the browser takes him to thankyou.aspx that simply asks him if he wants to logg in again or move to the main page (default.aspx).
Problem
When I hit the go back button on the Internet explorer I can see my secret page (datalist.aspx). I have no idea why this page still there after I logged out. The pages behaves as if I have logged in. Why the old page is ( my secret page) is still showing there and it did not expire. Is it an IE problem or the problem arises from my own code? How can I avoid this problem . Please help me .
thank you in advance.
-
here are my codes.
login.aspx
<%@ Page Language="
VB" %>
<%@ Import NameSpace="System.Data" %>
<%@ Import NameSpace="System.Data.OleDb" %>
<script runat="server">
sub Login(Sender as Object, e as EventArgs)
dim intID as Integer = 0
dim Conn as new OleDbConnection("Provider=Microsoft.Jet.OLEDB.4.0; " & _
"Data Source=C:\inetpub\wwwroot\test.mdb")
dim objCmd as OleDbCommand = new OleDbCommand _
("spValidateUser", Conn)
objCmd.CommandType = CommandType.StoredProcedure
'set parameters for stored procedure
dim objParam as OleDbParameter
objParam = objCmd.Parameters.Add("@UserName", OleDbType.BSTR)
objParam.Value = tbUserName.Text
objParam = objCmd.Parameters.Add("@Password", OleDbType.BSTR)
objParam.Value = tbPassword.Text
try
objCmd.Connection.Open
intId = CType(objCmd.ExecuteScalar, Integer)
objCmd.Connection.Close
catch ex as OleDbException
lblMessage.Text = ex.Message
end try
if intId <> 0 then
FormsAuthentication.SetAuthCookie(intID,false)
Response.redirect("datalist.aspx")
else
lblMessage.Text = "Sorry, " & _
"Invalid username or password!<p>"
end if
end sub
sub ResetBtn_Click(source as Object, e as Eventargs)
tbUsername.text = Nothing
tbPassword.text = Nothing
end sub
</script>
-------------------------------
datalist.aspx
-----------------------
<%@ Page Language="
VB" %>
<%@ Import Namespace="System.Data" %>
<%@ Import Namespace="System.Data.Oledb" %>
<script runat="server">
'display data from spread sheet
sub Page_Load(obj as Object, e as eventargs)
Dim myDataset As New DataSet()
Dim strConn As String="Provider=Microsoft.Jet.OLEDB.4.0;Extended Properties=Excel 8.0;Data Source=" & Server.MapPath("ExcelData.xls")
Dim myData As New OledbDataAdapter("SELECT * FROM [myRange1]", strConn)
myData.TableMappings.Add("Table", "ExcelTest")
myData.Fill(myDataset)
DataGrid1.DataSource = myDataset.Tables(0).DefaultView
DataGrid1.DataBind()
end sub
</script>
------------------------
logout.aspx
--------------------
<%@ Page Language="
VB" %>
<%@ Import Namespace="System.Web.Security " %>
<script runat="server">
'logout.aspx: logs users out
sub Page_Load(Sender as Object, e as EventArgs)
FormsAuthentication.SignOut
end sub
</script>
-------------------------
web.config
--------------------
<configuration>
<system.web>
<authentication mode="Forms">
<forms name="AuthCookie" loginUrl="/Test/login.aspx" />
</authentication>
</system.web>
<location path="Test/datalist.aspx">
<system.web>
<authorization>
<deny users="?"/>
</authorization>
</system.web>
</location>
</configuration>
Forms base authentication - - - Page does not
