LauraCairns
Programmer
In my Global.asax I have been using it to set the session variables however when I close the browser window and open up a new window I am still able to access pages as if I am logged in. This is a major security problem obviously and i'm not sure if its something which I have done wrong or an IE problem. Should I clear the session variable somewhere else in the global.asax. Can anyone suggest here I might have gone wrong.
protected void Session_Start(Object sender, EventArgs e)
{
// login info
Session["UserID"] = "";
Session["Company"] = "";
Session["VacID"] = "";
Session["VacChangeID"] = "";
Session["AppID"] = "";
Session["AccID"] = "";
}
protected void Session_End(Object sender, EventArgs e)
{
// on session end, redirect to home page
Response.Redirect("index.aspx");
// clear all session variables
Session["UserID"] = "";
Session["Company"] = "";
Session["VacID"] = "";
Session["VacChangeID"] = "";
Session["AppID"] = "";
Session["AccID"] = "";
}
protected void Session_Start(Object sender, EventArgs e)
{
// login info
Session["UserID"] = "";
Session["Company"] = "";
Session["VacID"] = "";
Session["VacChangeID"] = "";
Session["AppID"] = "";
Session["AccID"] = "";
}
protected void Session_End(Object sender, EventArgs e)
{
// on session end, redirect to home page
Response.Redirect("index.aspx");
// clear all session variables
Session["UserID"] = "";
Session["Company"] = "";
Session["VacID"] = "";
Session["VacChangeID"] = "";
Session["AppID"] = "";
Session["AccID"] = "";
}