Hi guys,

This is really annoying as it seems so simple.

Here is my logout script:

Response.Buffer = True
if Session("logged")="yes" then
Session("logged")="no"

end if
Response.Clear
Response.Redirect("index.htm")

This does not work as I can still access protected pages after I have run the logout script. But the pages are protected if you open the site in a new window and attempt to access these pages without logging in to start with.

This is the code I have at the top of protected pages:

If Session("logged")<>"yes" then
response.redirect("login.asp")
end if

Hey,

Use the expression

Session.Abandon()


in the page u are using for signingout. I hope it will work for you!

Farzan Q.
BS(TeleCommunication)
Iqra University.

Hi,

Yeah I already tried that.

I altered the code on my log out page to:

Session.Abandon()
response.redirect("login.asp")

But still no luck.

Would I need to change the code on other pages if I am altering the code within log out?

Listen

The thing is you are using

if Session("logged")="yes" then
Session("logged")="no"

and then you have typed

If Session("logged")<>"yes" then
response.redirect("login.asp")
end if

for making the pages protected from any access. Now see that you are using the condition that if session("logged") is not equal to yes....Obviously it is not equal to yes bcoz you are using something wrong which may be bcoz of

if Session("logged")="yes" then
Session("logged")="no"


It means you are checking for the right thing that session is yes...then by your own assigning it "no" which is making the other condition true that is

If Session("logged")<>"yes" then
response.redirect("login.asp")


Try to do it as mentioned below:


if Session("logged")="yes" then
ALLOW THE USER TO VIEW THE PAGE
else
response.redirect("login.asp")
end if


Hope it will help....you are welcome for any further queries!

Farzan Q.
BS(TeleCommunication)
Iqra University.

Or try to do other way round

if session("logged") = "" then
response.redirect("anypage.asp")

try to skip assigining "no" in your code...

below is an example as i have used in my project for protecting my pages...

<%
  if session("uid")="" then
  Response.Write("Please Log in first to edit your account details.&nbsp;&nbsp;&nbsp;")
  Response.write "<a href="&"account_login.asp"&">Login</a> </b> <b></b>"
  else
    fname=Request.Form("fname")
    lname=Request.Form("lname")
    address=Request.Form("address")
    city=Request.Form("city")
    country=Request.Form("country")
    postcode=Request.Form("postcode")
    cnumber=Request.Form("cnumber")
    cell=Request.Form("cell")
    email=Request.Form("email")
    cjoin=Request.Form("cjoin")
%>

just notice how it works if the session is null....or any unauthorize tries to access this page without logging...

Farzan Q.
BS(TeleCommunication)
Iqra University.

Hey i m sorry i m telling you details in pieces..what ever is clicking in ma mind i m just posting here to help you.... leave everything and try to do what i m telling now!

I prefer, you shud use

Session.Abandon()


instead of assigining "no" to session("logged")....

in your signout page....and in the pages which you wanna protect just check at the top of the page that

if session("logged")="" then
response.redirect("anypage.asp")
end if

Farzan Q.
BS(TeleCommunication)
Iqra University.

This seems to work the only problem I am having now is allowing the user to view the page. So far I have only got it to work by using this code:

if Session("logged")="yes" then
response.redirect(the protected page)
else
response.redirect("login.asp")
end if

I have tried doing it this way:

<%if Session("logged")="yes" then%>
<html></html>
<%else
response.redirect("login.asp")
end if%>

But this does not seem to work I may be implementing it incorrectly??

Thanks for all your help.

i think you are doing right...

<%if Session("logged")="yes" then%>
<html></html>
<%else
response.redirect("login.asp")
end if%>

this shud solve ur problem.....

but i think you shud do it like this

dont go in complex coding by assigning "yes" or "no" to session...just take the user id or whatever the user used to login...and then just check on every protected page

if session("logged")= "" then
response.redirect("login.asp")
else
<html></html>


If you still want to use with session("logged")="yes" then let me know that are you assigning session("logged")="yes" when any user logs in???? Its a good idea to do it like that but it is making little bit complex....




Farzan Q.
BS(TeleCommunication)
Iqra University.

if you are assigning session("logged")="yes"

then you can also do it like below:

<%if Session("logged")<> "yes" then%>
response.redirect("login.asp")


<%else
<html></html>
end if%>



Do u let me know when your problem is solved!

Farzan Q.
BS(TeleCommunication)
Iqra University.

Okay I have it set up as you said above. But the log out is still not working:(:(:(!!!

I am wondering now if it is something to do with the way I log in?

If you want to have a look the URL is:

http://www40.brinkster.com/gkirk/admin.asp

userrname: user
password: pass