Session for Logging in and Out..Please help me!

ncamoens

Member
Joined
Mar 18, 2006
Messages
7
Programming Experience
Beginner
Hi,

I am using Session("LoggedIn") = "Yes" to allow access to web pages if login suceeds.

Then when the user clicks on the Logout button, I use Session("Logout") = "" and direct the user to another page.

However, when I click the Back button on my web browser, it still displays the previos page which the user should not be allowed access to.

Please help and tell me how I can solve this problem.

I've tried everything I could find on the Internet, but nothing seems to work. I am desperate!
 
Believe me, Kulrom, I've been doing that all along, but for some reason it doesn't work. Is there anything else I shoud configure or know about?
 
well i am doing this as it follows:

In the global.asax file add this namespace
VB.NET:
Imports System.Web 
Imports System.Web.SessionState
and this code
VB.NET:
Sub Session_Start(ByVal sender As Object, ByVal e As EventArgs) 
        ' Fires when the session is started 
        'Create a session flag 
        Session("LoggedIn") = New Boolean 
        Session("LoggedIn") = False 
End Sub

if the login page add this:
VB.NET:
Private Sub Page_Load(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles MyBase.Load 
   If statement ... validating user was succeful
        Session("LoggedIn") = True 
    End if
End Sub

then when user is logout set the Session("LoggedIn") to False and finally use the code from above (check the session and take an adequate action regard result)

Regards ;)

P.S. It always works for me ... i have no idea why it doesn't work for you. If this suggestion is worthless then send me the global file and i will take a look at it ... :)
 
Thanks so much. I am running the painfully slow Norton Antivirus on my computer now. I'll try out your suggestions just as soon as its over. Thanks again.
 
Hi Kulrom, I did exactly as you said but it still doesn't work. Am I declaring these session state variables in the wrong place? Here are my code snippets:

Global.asax.vb file:

VB.NET:
[SIZE=2][COLOR=#0000ff]
Imports[/COLOR][/SIZE][SIZE=2][COLOR=#800080] System.Web.SessionState[/COLOR]
[/SIZE][SIZE=2][COLOR=#0000ff]Imports[/COLOR][/SIZE][SIZE=2][COLOR=#800080] System.Web[/COLOR][/SIZE]
 
[SIZE=2][SIZE=2][COLOR=#0000ff]Sub[/COLOR][/SIZE][SIZE=2][COLOR=#800080] Session_Start([/COLOR][/SIZE][SIZE=2][COLOR=#0000ff]ByVal[/COLOR][/SIZE][SIZE=2][COLOR=#800080] sender [/COLOR][/SIZE][SIZE=2][COLOR=#0000ff]As[/COLOR][/SIZE][SIZE=2][COLOR=#0000ff]Object[/COLOR][/SIZE][SIZE=2][COLOR=#800080], [/COLOR][/SIZE][SIZE=2][COLOR=#0000ff]ByVal[/COLOR][/SIZE][SIZE=2][COLOR=#800080] e [/COLOR][/SIZE][SIZE=2][COLOR=#0000ff]As[/COLOR][/SIZE][SIZE=2][COLOR=#800080] EventArgs)[/COLOR]
Session("LoggedIn") = [/SIZE][SIZE=2][COLOR=#0000ff]New[/COLOR][/SIZE][SIZE=2][COLOR=#0000ff]Boolean[/COLOR][/SIZE][SIZE=2]()
Session("LoggedIn") = [/SIZE][SIZE=2][COLOR=#0000ff]False
[/COLOR][/SIZE][SIZE=2][COLOR=#0000ff]End[/COLOR][/SIZE][SIZE=2][COLOR=#0000ff]Sub
[/COLOR][/SIZE][/SIZE]

In the HTML section of my frmLogin.aspx file:

HTML:
sub page_load(sender As Object, e As System.EventArgs) 
Dim conn as SqlConnection = New SqlConnection("server=(local);database=APMS;Trusted_Connection =yes") 
Dim comm as SqlDataAdapter = new SqlDataAdapter("select * from UserData", conn) 
Dim ds as new Dataset() comm.fill(ds,"Part") 
end sub
 
sub cmd_login(sender As Object, e As System.EventArgs) 
Dim conn as SqlConnection = New SqlConnection("server=(local);database=APMS;Trusted_Connection =yes") 
Dim comm1 As SqlCommand = New SqlCommand("select * from UserData where UserID = '"& txtUserID.text &"' and Password = '"& txtPassword.text &"' ", conn) 
Dim myReader As SqlDataReader Dim blnflag As Boolean = False 
Conn.Open() 
myReader = comm1.ExecuteReader 
 
While myReader.Read() 
Session("LoggedIn") = True 
Session("UserName") = myreader.item("FName")
blnflag = True 
response.redirect("franav.htm") 
End While 
 
If blnflag = False Then 
lblMessage.Text = "Incorrect User ID or Password. Please try again." 
End If 
conn.close() 
End Sub



fraNav is a frameset I use to hold my webforms. I put the folllowing code at the very top of the HTMl section, before the DOCTYPE, and html and head tags, like this:

<% If Session ("LoggedIn") = False Then
Response.Redirect("frmLogin.aspx")
End If
%>

At the top of the HTML section of frmHome.aspx, one of the webforms in fraNav, I have the same code.

At the top of the HTML Section of frmNav.aspx, another one of the webforms in fraNav, I have the same code. The logout hyperlink on this form has NavigateURL = "frmLogout.aspx" and Target ="_parent"

At the top of the frmLogout.aspx , again before the HTML tags, I have:

<% Session("LoggedIn") = False %>

After all this, when I click the Back button on my browser, I can still see the previous pages. This really sucks. Please tell me what I am doing wrong.
 
Oh i see ... well, try this. It will prevent the page from being cached.
VB.NET:
<%
  Response.Buffer = True
  Response.ExpiresAbsolute = Now() - 1
  Response.Expires = 0
  Response.CacheControl = "no-cache"
%>

It forces the browser to go to the server to get the page instead of from its cache.

However take a look at the original article about this: http://www.4guysfromrolla.com/webtech/111500-1.shtml


HTH
Regards ;)
 
Hmm, again it didn't work.

Got the message 'Opreator '-' is not defined for Date and Integer types.

The article says to use that in the server side script. Where exactly is the server side script in a web form?
 
ncamoens... if I were you I would implement the out-of-the-box ASP.NET FormsAuthentication module. This way ASP.NET will block access to pages automatically if the user is not authenticated. Here's a website to get you started:
http://www.15seconds.com/issue/020220.htm

FormsAuthentication means you will provide a web page where the user will login. There are alternative available approaches in ASP.NET and you don't have to figure out all the details yourself.. just implement their solution.

Note: You don't have to store the credentials in the web.config or a database unless you want to... my application requires logging in via a 3rd party application... after they login I use the FormsAuthentication module to create an encrypted FormsAuthentication cookie and ticket... works great.
 
Back
Top