Session Expired. Force User to Log On. Part 2

[Creeder]

Hi all,

I manage to create the routine to force the user to log on once the session has timeout. However the problem comes about when the user click the Back/Forward button on the browser, and is still able to access the page.

Any ideas regarding this?

Thanks.

 

[cpope]

You could create a session variable called Session("loggedin&quot which is set to False in both your Session_OnStart and Session_OnEnd in your global.asa
When the user logs in, set this value to True.

Then on each page, you can avoid page caching by entering <% Response.Expires=-1 %>, and then run a check (if statement) on the page to make sure that your Session(&quot;loggedin&quot is set to True, if it is continue loading the page, otherwise, ouput a nice message with a link that lets the person know that they are logged out, possibly due to a timeout.

I haven't tested this, but I think it's worth a shot

Let me know if you have any questions....

 

[DGXGUY]

Include something similiar to this on every page:

<%

If Session(&quot;Logged&quot <> &quot;Y&quot; Then
' add some code here to redirect somewhere
' maybe to a login page
Else
Response.Write(&quot;<script language=javascript>&quot; & vbcrlf)
Response.Write(&quot; window.history.forward()&quot; & vbcrlf)
Response.Write(&quot;</script>&quot
End If


The &quot;window.history.forward()&quot; sets the history to the most current. In a way it disables the user from going back using the back button.

- Phil