LOGOUT function

i have design a login page...
when the user has accessed the page, there will have a "logout" button...but when i tried to logout from the page, and then i clicked on the back button, it will bring me back to the previous page!
what i want is that when the user has logged out, and then when they click the back button, the page will say:
"YOUR SESSION HAS ENDED,PLEASE LOGIN AGAIN"

can anybody help me

This can be done by checking the Session Variable... What you need to do is set the Sessino Variable to something when the user log's in and then when they log out set it back to null.
Then use something like this:

Code: Select all

<% If Session("User") = "" Then
  Response.Write("Your Session Has Ended, Please Login Again")
Else 
  Response.Write("The content that will appear to logged in users")
End If
End If
%>

This may not be the only way to do it, but it is the way I do it.....

At the top of every page you need to check if the user is logged in...

Code: Select all

If Session("Authenticated") = False Then
    Response.Redirect "Login.asp"
End If

The code above would normally be in an INCLUDE file which is included at the top of every page.

<blockquote id="quote" class="ffs">quote:<hr height="1" noshade="noshade" id="quote" />Originally posted by Court Jester
What you need to do is set the Sessino Variable to something when the user log's in and then when they log out set it back to null.<hr height="1" noshade="noshade" id="quote" /></blockquote id="quote">When using sessions for maintaining log-in state, then I would say it makes more sense to call:-
session.abandon() when logging someone out.... that way all session variables are abandoned which is far easier and quicker than manually nullifying session variables.

__________________
Click the 'Thanks!' button if this post has helped you

Rob - Webforumz Founder

Well that depends Rob... I sometimes like to use Session Variable for everyone that comes on my site. That way i can track guests just like I track my logged-in viewers. So, guess that just depends on what your doing with it.

Sessions are on a per-user basis, you cannot set a session which covers everyone.

I know.. but I use them to track people that aren't logged in as well as people that are logged in...

what is my problem?
when the user logged in(login.asp), the login page will redirect the user to "success.asp" page.
and they click the BACK button to the "login.asp" page,
and then again they pressed the FOWARD button back to the "success.asp",
the page will still bring the user back to the success.asp page!

anybody can increase the security of my page?

Whats the problem with that?

You dont mention that they visited a logout page so what does it matter?

Actually, there is not really anything wrong with the method you use.... try not to use very fast redirects though as it can seriously hamper the use of the browsers back button.

__________________
Click the 'Thanks!' button if this post has helped you

Rob - Webforumz Founder

OK....
HERE ARE MY LOGIN PAGE I CREATE IN ASP.

<%
'Blue colorset
BackgroundColor="#AFD1F8"
BorderColor="#000080"

Content = "" 'Clear the Content string
QStr = Request.QueryString("login") 'Save the login querystring to QStr

'if ucase(left(QStr,6))="CREATE" then
'Title = "Register"
'else
Title = "Administrator Login"
'end if

'The code below saves the contents the table must have in the variable Content
'The content depends on what's in the QueryString

if QStr="passfailed" then
Content = Content & "<tr><td valign=top bordercolor="& BackgroundColor &" align=center>

Wrong password</P><A href=javascript:history.go(-1)>Back</A></td></tr>"
'elseif QStr="createpassfailed" then
'Content = Content & "<tr><td valign=top bordercolor="& BackgroundColor &" align=center>

Wrong password</P>Cancel registration</td></tr>"
elseif QStr="namefailed" then
Content = Content & "<tr><td valign=top bordercolor="& BackgroundColor &" align=center>

Invalid username</P>Make sure that you have entered the valid USERNAME and PASSWORD

<A HREF=javascript:history.go(-1)>Back</A></td></tr>"
else
Content = Content & "<form name=frmMain method=POST action=verify.asp>"
Content = Content & "<tr><td valign=top bordercolor="& BackgroundColor &" align=center>
Username: <input type=text name=txtUsername></td></tr>"
Content = Content & "<tr><td valign=top bordercolor="& BackgroundColor &" align=center>Password: <input type=password name=txtPassword></td></tr>"
Content = Content & "<tr><td valign=top bordercolor="& BackgroundColor &" align=center><input type=submit name=cmdSubmit value=Login></td></tr>"
Content = Content & "</form>"
end if
%>



<head>
<title>Administrator Login</title>
<style type="text/css">
<!--
a:link { color: #000000; text-decoration: none}
a:visited { color: #000000; text-decoration: none}
a:hover { color: #3366CC; text-decoration: none}
a:active { color: #000000; text-decoration: none}
-->
</style>

</head>

<body link="<% Response.Write(BorderColor) %>" vlink="<% Response.Write(BorderColor) %>"
alink="<% Response.Write(BorderColor) %>" text="<% Response.Write(BorderColor) %>"
bgcolor="#3399FF">


</p>


</p>


</p>


</p>


<font face="Arial, Helvetica, sans-serif"></font>

</p>
<div align="center">
<table border="2" cellspacing="5" bgcolor="<% Response.Write(BackgroundColor) %>" bordercolor="<% Response.Write(BorderColor) %>"width="300px">
<%
Response.Write("<tr><td valign=top align=center>" & Title & "</td></tr>")
Response.Write(Content) ' Paste the contents in the table
%>
<tr>
<td>
<p align="center"> <font face="Arial, Helvetica, sans-serif" size="3"><font size="2">Home</font></font>
</td>
</tr>
</table>


</p>


</p>


</p>


</p>
</div>
</body>
------------------------------------------------------------------------------------

THESE ARE THE VERIFY PAGE:

<%
'Save the entered username and password
Username = Request.Form("txtUsername")
Password = Request.Form("txtPassword")

'Build connection with database
set conn = server.CreateObject ("ADODB.Connection")
conn.Open "Provider=Microsoft.Jet.OLEDB.4.0;Data Source=" & server.MapPath ("users.mdb")
set rs = server.CreateObject ("ADODB.Recordset")
'Open record with entered username
rs.Open "SELECT * FROM userlist where username='"& Username &"'", conn, 1

'If there is no record with the entered username, close connection
'and go back to login with QueryString
If rs.recordcount = 0 then
rs.close
conn.close
set rs=nothing
set conn=nothing
Response.Redirect("login.asp?login=namefailed")
end if

'If entered password is right, close connection and open mainpage
if rs("password") = Password then
Session("name") = rs("fullname")
rs.Close
conn.Close
set rs=nothing
set conn=nothing
Response.Redirect("admin/mainAdmin.asp")
'If entered password is wrong, close connection
'and return to login with QueryString
else
rs.Close
conn.Close
set rs=nothing
set conn=nothing
Response.Redirect("login.asp?login=passfailed")
end if
%>



CAN YOU SHOW ME WHERE SHOULD I KEEP THIS CODE THAT YOU GAVE ME:

<% If Session("User") = "" Then
Response.Write("Your Session Has Ended, Please Login Again")
Else
Response.Write("The content that will appear to logged in users")
End If
End If
%>

CAN YOU CODE ME THE LOGOUT PAGE!

logout.asp

Code: Select all

<%
Session.Abandon
Response.Redirect "Login.asp"
%>

hey smokie...
i had a hard time trying with the session variable!
could you show me step by step instruction please?

here i repeat my problem Hope you dont mind

I have a main page that have the login link button...

login page:

username:_________
password:_________

verify login page:

bla..bla..bla..

and the default page(in frame page)-[if password and username is TRUE]
in one of the frame page, i have a logout button:

<%
Session("name")=""
Response.Redirect("login.asp")

%>

when i clicked the logout button, it will go to my main page!
when i already in the main page, and then i click the back brouser button,
it will go back to the default page!!!!!!

what i want is, when i click the back browser button, (after i logout), a page will appear saying that my session has ended, please login again!

how can i do that!

can you teach me, i mean specificly,
where should i put the code?
in which page?
i know it has to do something with "session", but i have tried them and still not working!

can you please teach me...?

Sure Monie, i have already answered this on the first page of this thread, the first thing i posted was the answer to your question.

i tried man, but i dont know where should i placed all the code!
ok, this is the code that you gave me,
this will be placed on top of every page i have,is it?

<%
If Session("Authenticated") = False Then
Response.Redirect "Login.asp"
End If
%>

"Authenticated" is just a variable right?
Is this variable should be the same in my logout page variable?
because inside the logout.asp, i am using "user" as the variable.

this is the logout.asp page:

<%
Response.CacheControl = "no-cache"
Response.AddHeader "Pragma", "no-cache"
Response.Expires = -1
If Session("user") = False then
Response.Write("Your session has ended, login again!")
end if%>

so, am i on the right track so far?
any thing that i forgot?

That code i posted should be put at the top of every page that you want to protect, so a user cant bookmark a protected page and come directly back to it later.

Yes you should change Session("Authenticated") to Session("User")

ok, that works fine
thanx everyone!