Destroying a Session

le0

Hello Guys,

I have this problem on my page. I'm doing my "Logoff" portion; every time I
click "Logoff" then click the Back button in my browser, the previous page
still appears.

Here's my code:
<%
If Request.QueryString("login") = "logout" Then
    Application.Contents.RemoveAll()
    Session.Contents.RemoveAll()
    Session.Abandon
    Response.Redirect("../../global/common/login/login.asp?login=logoff")
Else

End If
%>

but I think this is not working or there is something wrong with my code
Hope you can help me with this..

Thanks,
Leo
 
Janette

Hi Leo,

The reason the previous page probably displays is that when you click back it
uses the previous URL, which would have had login=login in the URL; it is
only the page after logoff that has login=logoff. You would be far better
checking for the existence of the session, or the existence of a particular
session variable having a value, instead of setting and checking the
querystring. Else, people may just add login=login to their URL, to bypass
logging in. So for example, when you logon, you might create a session
variable called user and populate it with the username of the person who
just successfully logged on. Then in each page inside the app check for a
value in the user session variable, as it will only have a value if a user
is logged on.

<%
If Session("user") = "" Then
    Application.Contents.RemoveAll()
    Session.Contents.RemoveAll()
    Session.Abandon

Else

End If
%>

Hope this helps.
Janette
 
Stuart Palmer

If you are using the back button, what you are actually doing is viewing the
same cached file you saw before. A route around this would be to force the
previous page not to cache, I think this would solve your problem.

Stu
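
The two suggestions so far (check a session variable on every page, and stop the protected pages from being cached) can be combined as in the following added example, which is not code from any poster in this thread. The file names `protect.asp` and `logout.asp` are hypothetical, and `Session("user")` is the variable name from the earlier reply.

```asp
<%
' ===== protect.asp (hypothetical name) =====
' Include at the very top of every protected page, before any HTML is sent,
' because headers and redirects cannot be changed once output has started.

' Ask the browser and any proxies not to keep a copy of this response.
Response.AddHeader "Cache-Control", "no-cache, no-store, must-revalidate"
Response.AddHeader "Pragma", "no-cache"    ' for HTTP/1.0 clients
Response.Expires = -1

' Decide access from server-side session state only, never from a
' querystring value the visitor can type into the URL.
If Len(Session("user")) = 0 Then
    ' Server-side redirect: no protected markup is sent to the client.
    Response.Redirect "../../global/common/login/login.asp?login=expired"
End If
%>

<%
' ===== logout.asp (hypothetical name) =====
Response.AddHeader "Cache-Control", "no-cache, no-store, must-revalidate"
Response.AddHeader "Pragma", "no-cache"
Response.Expires = -1

' Clear only this visitor's session. The Application object is shared by
' every user of the site, so it is left untouched here.
Session.Contents.RemoveAll
Session.Abandon

Response.Redirect "../../global/common/login/login.asp?login=logoff"
%>
```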
 
le0

Hi Janette =)

You are absolutely right, but my page has the include file like this

<%
If Len(Session("AccessType")) = 0 Then
    Dim sUrlExpire
    sUrlExpire = "../../global/common/login/login.asp?login=expired&sysid=" & strSysPath
%>

<script language=javascript>
top.location.href = "<%=sUrlExpire%>"
</script>

<%
    Response.End
End If
%>

It checks the AccessType of the user before logging in to the page, and I'm
expecting that when I use this code
Application.Contents.RemoveAll()
Session.Contents.RemoveAll()
Session.Abandon
the sessions will automatically be destroyed even if I click the back button =(

Please helppp..
 
Dave Anderson

le0 said:
I have this problem on my page. I'm doing my "Logoff" portion,
every time I click "Logoff" then click the Back button in my
browser the previous page still appears.

That is the proper behavior, according to the HTTP specification. The
History belongs to the browser, not to you:

"User agents often have history mechanisms, such as "Back"
buttons and history lists, which can be used to redisplay
an entity retrieved earlier in a session. By default, the
Expires field does not apply to history mechanisms. If the
entity is still in storage, a history mechanism should
display it even if the entity has expired, unless the user
has specifically configured the agent to refresh expired
history documents."

http://www.w3.org/Protocols/HTTP/1.1/spec.html
 
Dave Anderson

I said:
That is the proper behavior, according to the HTTP specification.
The History belongs to the browser, not to you:

"User agents often have history mechanisms, such as "Back"
buttons and history lists, which can be used to redisplay
an entity retrieved earlier in a session. By default, the
Expires field does not apply to history mechanisms. If the
entity is still in storage, a history mechanism should
display it even if the entity has expired, unless the user
has specifically configured the agent to refresh expired
history documents."

http://www.w3.org/Protocols/HTTP/1.1/spec.html

In addition,

"History mechanisms and caches are different. In particular
history mechanisms SHOULD NOT try to show a semantically
transparent view of the current state of a resource. Rather,
a history mechanism is meant to show exactly what the user
saw at the time when the resource was retrieved.

By default, an expiration time does not apply to history
mechanisms. If the entity is still in storage, a history
mechanism SHOULD display it even if the entity has expired,
unless the user has specifically configured the agent to
refresh expired history documents."

http://www.w3.org/Protocols/rfc2616/rfc2616-sec13.html#sec13.13
 
