I generate a menu with an include file that is included in all of the webpages. The "logout" menu item is generated by the following line:
Response.Write("<div class='holo' onclick='Show()' nextPage= logout.asp>Logout</div>")
That sends it to the logout.asp file, which contains just the following:
<%@LANGUAGE="VBSCRIPT" CODEPAGE="1252"%>
<%
Session.Abandon
Response.Redirect("login.asp")
%>
That sends it back to the login page. All appears to be well. However, if one types the url of one of the site's pages, it will go there with the same permissions as the person who, supposedly, just logged out. In my search for a solution to this problem, various sources of info about "session.abandon" said that it didn't destroy the session objects until the page had finished running. Could something still be "running" or is there some other problem.
Response.Write("<div class='holo' onclick='Show()' nextPage= logout.asp>Logout</div>")
That sends it to the logout.asp file, which contains just the following:
<%@LANGUAGE="VBSCRIPT" CODEPAGE="1252"%>
<%
Session.Abandon
Response.Redirect("login.asp")
%>
That sends it back to the login page. All appears to be well. However, if one types the url of one of the site's pages, it will go there with the same permissions as the person who, supposedly, just logged out. In my search for a solution to this problem, various sources of info about "session.abandon" said that it didn't destroy the session objects until the page had finished running. Could something still be "running" or is there some other problem.
