Session problem

[Stephen]

HI,

I have created an application that has a logout.aspx page. here I clear the
session variables and redirect the user to the login page, but if I dont
close the brower and hit the "back" button. the user is directed to the old
pages.
How do i avoid this?

Please advice,
Stephen

 

[R.Balaji]

Hi,
On the page load event of each page, check for the session variables.
If the session variable is empty, then redirect the page to the login page.

eg)
private void Page_Load(object sender, System.EventArgs e) {

if (Session["User_Id"].ToString().Trim().Equals(string.Empty)){

Response.Redirect("Login.aspx?Msg=Session expired. Please login again.");

}

}



Regards,

R.Balaji

 

[Guest]

Taking the code from the IBUYSPY portal's admin/logoff.aspx.cs code-behind
private void Page_Load(object sender, System.EventArgs e) {

// Log User Off from Cookie Authentication System

FormsAuthentication.SignOut();


// Invalidate roles token

Response.Cookies["portalroles"].Value = null;

Response.Cookies["portalroles"].Expires = new System.DateTime(1999, 10, 12);

Response.Cookies["portalroles"].Path = "/";


// Redirect user back to the Portal Home Page

Response.Redirect(Request.ApplicationPath);

}

Key points:

1.. logout
2.. invalidate the authentication cookie(s) and session variables
3.. and redirect to a page to prevent the back button from going to a previous page
This wil not prevent someone to navigate to a cached page in their history, so check for authentication on each page where it is necessary