
Problem with Login Script


stebo0728


Here is my question: I have a login script, and when I log out, it ends the session and redirects to the home page. However, if I go back up to the address bar and type in the account page, it allows me to re-enter as if I never logged out. How can I get the session to totally end so that I will get my logged-out message when I try to go back to the account page? If I go to any other login-specific page it works.

Here is how the script works: the actual login form is in a shared portion that is included in every page. If you are logged out, it shows the login form; if you are logged in, it shows your username, along with a home and logout button. When you log in, it loads the "usermain.asp" page. When you log out, it ends the session with Session.Abandon, then redirects to "index.asp". Then if I go up to the address bar and type in "usermain.asp", it shows me logged in and paints the page, rather than the "You must log in" message.

Here is my code.

usermain.asp code

<%
' Show the tool menu that matches the login type stored in the session.
If Session("loggedon") <> "true" then
    Response.Write("<tr><td width=""400"">   You must be logged in to use this feature.</td></tr>")
Else
    If Session("logintype") = "customer" then
        Response.Write("<tr><td>   <Span class=""headertitle""><b>Customer Tools</b></span></td><td><!-- <form action=""usermain.asp"" method=""get""><input type=""hidden"" name=""msg"" value=""logout"" /><input type=""submit"" value=""Logout"" /></form> --></td></tr>")
        Response.Write("<tr><td> </td></tr>")
        Response.Write("<tr><td><font size=""1"">   Welcome " & Session("name") & "</font></td></tr>")
        Response.Write("<tr><td> </td></tr>")
        Response.Write("<tr><td><font size=""1"">   " & Session("customername") & "</font></td></tr>")
        Response.Write("<tr><td><font size=""1"">   " & Session("customerlocation") & "</font></td></tr>")
        Response.Write("<tr><td width=""200""><font size=""1"">   Account Number: " & Session("customernumber") & "</font></td></tr>")
        Response.Write("<tr><td> </td></tr>")
        Response.Write("<tr><td>   <img border=""0"" src=""images/bullet_hla.gif"" width=""15"" height=""13"">   <a href=""ordertracking.asp?pageno=1"">Order Tracking</a></td></tr>")
        Response.Write("<tr><td>   <img border=""0"" src=""images/bullet_hla.gif"" width=""15"" height=""13"">   <a href=""pricesheets.asp"">Price Sheets</a></td></tr>")
        If Session("customerclass") = "100" then
            Response.Write("<tr><td>   <img border=""0"" src=""images/bullet_hla.gif"" width=""15"" height=""13"">   <a href=""amerigasrequisition.asp"">Submit a Requisition</a></td></tr>")
        Else
            Response.Write("<tr><td>   <img border=""0"" src=""images/bullet_hla.gif"" width=""15"" height=""13"">   <a href=""orderentry.asp"">Place an Order</a></td></tr>")
        End If
        Response.Write("<tr><td> </td></tr>")
        Response.Write("<tr><td> </td></tr>")
    ElseIf Session("logintype") = "employee" then
        Response.Write("<tr><td>   <Span class=""headertitle""><b>Employee Tools</b></span></td><td><!-- <form action=""usermain.asp"" method=""get""><input type=""hidden"" name=""msg"" value=""logout"" /><input type=""submit"" value=""Logout"" /></form> --></td></tr>")
        Response.Write("<tr><td> </td></tr>")
        Response.Write("<tr><td><font size=""1"">   Welcome " & Session("name") & "</font></td></tr>")
        Response.Write("<tr><td> </td></tr>")
        Response.Write("<tr><td><font size=""1"">   " & Session("customername") & "</font></td></tr>")
        Response.Write("<tr><td><font size=""1"">   " & Session("customerlocation") & "</font></td></tr>")
        Response.Write("<tr><td> </td></tr>")
        Response.Write("<tr><td>   <img border=""0"" src=""images/bullet_hla.gif"" width=""15"" height=""13"">   <a href=""http://www.rutherfordequipment.com/mewebmail"">Web Mail</a></td></tr>")
        Response.Write("<tr><td>   <img border=""0"" src=""images/bullet_hla.gif"" width=""15"" height=""13"">   <a href=""ordertracking.asp?pageno=1"">Order Tracking</a></td></tr>")
        Response.Write("<tr><td>   <img border=""0"" src=""images/bullet_hla.gif"" width=""15"" height=""13"">   <a href=""pricesheets.asp"">Price Sheets</a></td></tr>")
        Response.Write("<tr><td> </td></tr>")
        Response.Write("<tr><td> </td></tr>")
    ElseIf Session("logintype") = "administrator" then
        Response.Write("<tr><td>   <Span class=""headertitle""><b>Employee Tools</b></span></td><td><!-- <form action=""usermain.asp"" method=""get""><input type=""hidden"" name=""msg"" value=""logout"" /><input type=""submit"" value=""Logout"" /></form> --></td></tr>")
        Response.Write("<tr><td> </td></tr>")
        Response.Write("<tr><td><font size=""1"">   Welcome " & Session("name") & "</font></td></tr>")
        Response.Write("<tr><td> </td></tr>")
        Response.Write("<tr><td><font size=""1"">   " & Session("customername") & "</font></td></tr>")
        Response.Write("<tr><td><font size=""1"">   " & Session("customerlocation") & "</font></td></tr>")
        Response.Write("<tr><td> </td></tr>")
        Response.Write("<tr><td width=""300"">   <img border=""0"" src=""images/bullet_hla.gif"" width=""15"" height=""13"">   <a href=""administration.asp"">Site Administration</a></td></tr>")
        Response.Write("<tr><td width=""300"">   <img border=""0"" src=""images/bullet_hla.gif"" width=""15"" height=""13"">   <a href=""http://www.rutherfordequipment.com/meadmin"">Web Mail Administration</a></td></tr>")
        Response.Write("<tr><td width=""300"">   <img border=""0"" src=""images/bullet_hla.gif"" width=""15"" height=""13"">   <a href=""http://www.rutherfordequipment.com/mewebmail"">Web Mail</a></td></tr>")
        Response.Write("<tr><td width=""300"">   <img border=""0"" src=""images/bullet_hla.gif"" width=""15"" height=""13"">   <a href=""ordertracking.asp?pageno=1"">Order Tracking</a></td></tr>")
        Response.Write("<tr><td width=""300"">   <img border=""0"" src=""images/bullet_hla.gif"" width=""15"" height=""13"">   <a href=""pricesheets.asp"">Price Sheets</a></td></tr>")
        Response.Write("<tr><td> </td></tr>")
        Response.Write("<tr><td> </td></tr>")
    End If
End If
%>

userdisplay.asp - "userdisplay.asp" is included before this code block to show the login portion, its code is farther down the post

<%
If Request.QueryString("msg") = "logout" then
    ' Logout request: end the session and go back to the home page.
    Session.Abandon
    Response.Redirect("index.asp")
ElseIf Session("loggedon") = "false" then
    Response.Write("Logged Out")
ElseIf Session("loggedon") = "true" then
    ' Already logged in: show the username with the home and logout links.
    Response.Write("<center><table class=""bodytext"">")
    Response.Write("<tr><td align=""center""><font size=""1"">Logged in as: <b>" & Session("username") & "</b></font></td></tr>")
    Response.Write("<tr><td align=""center""><a href=""usermain.asp""><font size=""1"">My Home</font></a> | <a href=""usermain.asp?msg=logout""><font size=""1"">Logout</a></td></tr>")
    Response.Write("</table></center>")
ElseIf Request.Form("loggingin") = "true" then
    ' Login form submitted: look the user up and check the password.
    Set user = Server.CreateObject("ADODB.RecordSet")
    ' Double any single quotes so the submitted username cannot break out of the
    ' SQL string literal; a parameterized ADODB.Command is the more robust fix.
    userSelect = "SELECT * FROM logins WHERE username = '" & Replace(Request.Form("username"), "'", "''") & "'"
    user.Open userSelect, dataConn
    If user.RecordCount = 0 or user.EOF then
        Response.Write("<center><table class=""bodytext"">")
        Response.Write("<form id=""loginform"" action=""usermain.asp"" method=""post"">")
        Response.Write("<tr><td width=""10""><b style=""font-size: 9px"">Username:</b></td><td><input type=""text"" name=""username"" size=""23"" style=""font-size: 9px"" /></td></tr>")
        Response.Write("<tr><td width=""10""><b style=""font-size: 9px"">Password:</b></td><td><input type=""password"" name=""password"" size=""23"" style=""font-size: 9px"" /></td></tr>")
        Response.Write("<tr><td colspan=""2"" align=""left""><a href=""userregister.asp"" style=""font-size: 9px; font-color=#4767AD"">Register</a> | <a href=""userpasswordremind.asp"" style=""font-size: 9px; font-color=#4767AD"">Retrieve Password</a> <input type=""hidden"" name=""loggingin"" value=""true"" /><input type=""submit"" value=""Login"" style=""font-size: 9px"" /></td></tr>")
        Response.Write("<tr><td colspan=""2"" align=""center""><b style=""font-size: 9px""><font color=""#cc0000"">***Invalid Username</font></b></td></tr>")
        Response.Write("</table></center>")
        Response.Write("<script language=""JavaScript"">loginform.username.focus();</script>")
    ElseIf Request.Form("password") <> user.Fields.Item("password") then
        Response.Write("<center><table class=""bodytext"">")
        Response.Write("<form id=""loginform"" action=""usermain.asp"" method=""post"">")
        ' HTML-encode the echoed username so it cannot inject markup into the page.
        Response.Write("<tr><td width=""10""><b style=""font-size: 9px"">Username:</b></td><td><input type=""text"" name=""username"" value=""" & Server.HTMLEncode(Request.Form("username")) & """ size=""23"" style=""font-size: 9px"" /></td></tr>")
        Response.Write("<tr><td width=""10""><b style=""font-size: 9px"">Password:</b></td><td><input type=""password"" name=""password"" size=""23"" style=""font-size: 9px"" /></td></tr>")
        Response.Write("<tr><td colspan=""2"" align=""left""><a href=""userregister.asp"" style=""font-size: 9px; font-color=#4767AD"">Register</a> | <a href=""userpasswordremind.asp"" style=""font-size: 9px; font-color=#4767AD"">Retrieve Password</a> <input type=""hidden"" name=""loggingin"" value=""true"" /><input type=""submit"" value=""Login"" style=""font-size: 9px"" /></td></tr>")
        Response.Write("<tr><td colspan=""2"" align=""center""><b style=""font-size: 9px""><font color=""#cc0000"">***Invalid Password</font></b></td></tr>")
        Response.Write("</table></center>")
        Response.Write("<script language=""JavaScript"">loginform.password.focus();</script>")
    Else
        ' Credentials accepted: copy the user's record into the session.
        Session("loggedon") = "true"
        Session("username") = user.Fields.Item("username")
        Session("name") = user.Fields.Item("name")
        Session("customername") = user.Fields.Item("customername")
        Session("customerlocation") = user.Fields.Item("customerlocation")
        Session("customernumber") = user.Fields.Item("customernumber")
        Session("customerclass") = user.Fields.Item("customerclass")
        Session("orderpage") = 1
        Session("logintype") = user.Fields.Item("logintype")
        Session("eqsheet") = user.Fields.Item("eqsheet")
        Session("cpsheet") = user.Fields.Item("cpsheet")
        Session("defshipco") = user.Fields.Item("shiptocompany")
        Session("defshipadd1") = user.Fields.Item("shiptoadd1")
        Session("defshipadd2") = user.Fields.Item("shiptoadd2")
        Session("defshipcity") = user.Fields.Item("shiptocity")
        Session("defshipstate") = user.Fields.Item("shiptostate")
        Session("defshipzip") = user.Fields.Item("shiptozip")
        Session("email") = user.Fields.Item("email")
        Response.Redirect("usermain.asp")
    End If
Else
    ' Not logged in and nothing submitted: show the empty login form.
    Response.Write("<center><table class=""bodytext"">")
    Response.Write("<form id=""loginform"" action=""usermain.asp"" method=""post"">")
    Response.Write("<tr><td width=""10""><b style=""font-size: 9px"">Username:</b></td><td><input type=""text"" name=""username"" size=""23"" style=""font-size: 9px"" /></td></tr>")
    Response.Write("<tr><td width=""10""><b style=""font-size: 9px"">Password:</b></td><td><input type=""password"" name=""password"" size=""23"" style=""font-size: 9px"" /></td></tr>")
    Response.Write("<tr><td colspan=""2"" align=""left""><a href=""userregister.asp"" style=""font-size: 9px; font-color=#4767AD"">Register</a> | <a href=""userpasswordremind.asp"" style=""font-size: 9px; font-color=#4767AD"">Retrieve Password</a> <input type=""hidden"" name=""loggingin"" value=""true"" /><input type=""submit"" value=""Login"" style=""font-size: 9px"" /></td></tr>")
    Response.Write("</table></center>")
End If
%>

Any ideas?

Thanks
Stephen


In addition to session.abandon, go through each session value and unset it or set it to "" or 0 or something. Also, instead of using response.redirect after abandoning the session, write out a small HTML page that will do a meta refresh to the next page. That will help ensure that the browser will delete the session cookie if session.abandon is telling it to do that.

<html>
<head>
<title>Thank You</title>
<meta http-equiv="refresh" content="1;url=index.asp" />
</head>
<body>Thank You</body>
</html>


Ok, thanks for the suggestions. I tried them with no luck, but in case anyone else needs the answer, I did figure it out.

The problem is that the page is in the Response cache, and thus when you type it in the address bar, the browser just repaints the page from cache instead of evaluating the script.

The solution is to add the following line to the top of any page that you want un-cached:

Response.Expires = 0

That causes the response cache to expire immediately, thus forcing the browser to re-evaluate the page.

Thanks
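
The fix from the last post, packaged as a shared include so that every login-only page sends its no-cache headers together with the session check (an added example, not code from the thread; the file name authguard.asp and the Sub names are hypothetical). It reuses the thread's Session("loggedon") flag, its msg=logout query string and its index.asp home page.

```asp
<%
' authguard.asp (hypothetical name). Put
'   <!--#include file="authguard.asp"-->
' on the first line of every login-only page, before any HTML is written,
' because headers cannot be changed once output has started.

Sub SendNoCacheHeaders()
    ' Tell the browser and any proxy not to store or reuse this response,
    ' so a later visit to the same URL has to go back to the server.
    Response.Expires = -1                    ' already expired
    Response.ExpiresAbsolute = Now() - 1     ' absolute expiry date in the past
    Response.CacheControl = "no-store, no-cache, must-revalidate"
    Response.AddHeader "Pragma", "no-cache"  ' for HTTP/1.0 caches
End Sub

Sub DoLogout()
    SendNoCacheHeaders
    Session.Contents.RemoveAll   ' drop every stored value right away
    Session.Abandon              ' session object is destroyed when this page ends
    Response.Redirect "index.asp"
End Sub

Sub RequireLogin()
    SendNoCacheHeaders
    ' Same flag the login code sets after a successful password check.
    If Session("loggedon") <> "true" Then
        Response.Redirect "index.asp"
    End If
End Sub

If Request.QueryString("msg") = "logout" Then
    DoLogout
Else
    RequireLogin
End If
%>
```

Because the headers go out on the logged-in response itself, the browser has no stored copy of usermain.asp to repaint after logout, and the request it sends reaches the session check on the server.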


Archived

This topic is now archived and is closed to further replies.
