Logging out of a Session

[amysdude]

I am trying to use my own authentication for a web application.

Upon a valid log on , I set Session["isLoggedIn"] to true. Upon "logging out" I do a Session.Abandon() and redirect to the logon page.

In the Pre_Init event, I have logic to redirect user to Login.aspx if Session["isLoggedIn"] = false

If I start my browser and try to go to Admin.aspx it redirects me to Login.aspx for me to enter my credentials. Then upon being validated, I am taken to the admin.aspx page. This is the intended functionality.

If I click logout from the Admin.aspx page, I "abandon" my session and redirect to Login.aspx.

For testing, I added a link on Login.aspx that targets Admin.aspx. If I click this after logging out, I am redirected back to Login.aspx (itself).

But If I go to localhost/mysite/Admin.aspx directly via the Browser address bar (only after being previously logged in), I am allowed in. This is my problem.

It seems the Pre_Init page is not firing or something when I go directly to the page like it does when I click the Admin.aspx link on the Login.aspx page.

What to do?

Thanks all.

 

[jmeckley]

there is a built in mechanism to do this. Forms authenication. this ties into implementations of IPrinciple and IIdentity. the user will be defined within the HttpContext.User (or HttpContext.CurrentUser) this can then be used to determine if the user is Authenicated and what roles the user is in. you can then use Security Attributes or web.config to map roles/authenication to directories and pages.

no need to mess with storing values in session. You would still call session.abandon() to logout as this will clear the user credentials.

for more help with this post to forum855

Jason Meckley
Programmer
Specialty Bakers, Inc.

faq855-7190