Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations derfloh on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Logout Issue

Status
Not open for further replies.
pupadu

pupadu

Programmer
Mar 18, 2005
24
US
Hello everyone. I have an application (ASP and SQL Server) that requires a user to login and logout. When the user logs out, it takes them to the appropriate page. However, if they were to click the "Back" button on their browser, they still have access to the last page they had visited. Is there a way to keep the user from viewing the last page visited when they click the "Back" button?

Here is my logout code:

<%
Response.Buffer=True
Session.Abandon
Response.Clear
Response.Redirect "login.asp"
%>

Any and all suggestions and advice will be greatly appreciated.
 
Sort by date Sort by votes
after the "Back" is clicked try refreshing the page, does the page work now?

if it does then there is an error in ur session checking. if it doesnt then its because of cache. try setting cache headers (this will disable back permanently even if the user is logged, u will get a "Page Expired" message)...

Known is handfull, Unknown is worldfull
 
Upvote 0 Downvote
Thanks vbkris for the quick response. The page did continue to work.

I'm a bit of a novice with a growing knowledge of ASP. Could guide me in the right direction as to how I can find the error in my session checking?

Again, any and all suggestions and advice is greatly appreciated.
 
Upvote 0 Downvote
I assume that you have some code at the top of all the protected pages .... code that keeps people out if they have not logged in... please post that code.
 
Upvote 0 Downvote
Thanks to you as well, Sheco. Now I know that I'm a novice at ASP. I have a session check script at the top of the page the user is taken to after they have logged in. I don't have it on any other pages.

Based on this knowledge, I see where I'm truly going wrong with this. Like I've said before, a novice with a growing knowledge.
 
Upvote 0 Downvote
I like to put that code into a little tiny file and then use the INCLUDE directive to pull it into all of the pages that I wish to protect. Just one little line like this:
<!--#include file="security.asp"-->

Check this link for more info:
Except be aware that the first demo on that site uses a file with a .inc file extension. For security reasons you should only use files with a .asp extension because, that way, the server will never show the browser the contents of the file.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

JScannell
  • Locked
  • Question
Border issue with Google Chrome on an Android phone
Replies
0
Views
377
JScannell
JScannell
Ambientguitar
  • Locked
  • Question
Issue with this not calling the Sub in Classic ASP page
Replies
5
Views
328
MarkSweetland
MarkSweetland
vamsikirank
  • Locked
  • Question
Fortify Scan For Classic Asp Application - Issue
Replies
2
Views
241
guitarzan
guitarzan
MauiNick
  • Locked
  • Question
Weird issue with IIS7 &amp; ASP
Replies
1
Views
108
xwb
xwb
44nato44
  • Locked
  • Question
@@Identity issue 1
Replies
4
Views
132
44nato44
44nato44

Part and Inventory Search

Sponsor

Back
Top