stebo0728 Posted October 3, 2007

Here is my question: I have a login script, and when I log out, it ends the session and redirects to the home page. However, if I go back up to the address bar and type in the account page, it allows me to reenter as if I never logged out. How can I get the session to totally end so that I will get my logged out message when I try to go back to the account page? If I go to any other login-specific page it works.

Here is how the script works: the actual login form is in a shared portion that is included in every page. If you are logged out, it shows the login form; if you are logged in it shows your username, along with a home and logout button. When you log in it loads the "usermain.asp" page. When you log out, it ends the session with Session.Abandon, then redirects to "index.asp". Then if I go up to the address bar and type in "usermain.asp" it shows me logged in and paints the page, rather than the "You must log in" message.

Here is my code.

usermain.asp code

<%
' Show the tool menu that matches the login type stored in the session.
If Session("loggedon") <> "true" then
    Response.Write("<tr><td width=""400""> You must be logged in to use this feature.</td></tr>")
Else
    If Session("logintype") = "customer" then
        Response.Write("<tr><td> <Span class=""headertitle""><b>Customer Tools</b></span></td><td><!-- <form action=""usermain.asp"" method=""get""><input type=""hidden"" name=""msg"" value=""logout"" /><input type=""submit"" value=""Logout"" /></form> --></td></tr>")
        Response.Write("<tr><td> </td></tr>")
        Response.Write("<tr><td><font size=""1""> Welcome " & Session("name") & "</font></td></tr>")
        Response.Write("<tr><td> </td></tr>")
        Response.Write("<tr><td><font size=""1""> " & Session("customername") & "</font></td></tr>")
        Response.Write("<tr><td><font size=""1""> " & Session("customerlocation") & "</font></td></tr>")
        Response.Write("<tr><td width=""200""><font size=""1""> Account Number: " & Session("customernumber") & "</font></td></tr>")
        Response.Write("<tr><td> </td></tr>")
        Response.Write("<tr><td> <img border=""0"" src=""images/bullet_hla.gif"" width=""15"" height=""13""> <a href=""ordertracking.asp?pageno=1"">Order Tracking</a></td></tr>")
        Response.Write("<tr><td> <img border=""0"" src=""images/bullet_hla.gif"" width=""15"" height=""13""> <a href=""pricesheets.asp"">Price Sheets</a></td></tr>")
        If Session("customerclass") = "100" then
            Response.Write("<tr><td> <img border=""0"" src=""images/bullet_hla.gif"" width=""15"" height=""13""> <a href=""amerigasrequisition.asp"">Submit a Requisition</a></td></tr>")
        Else
            Response.Write("<tr><td> <img border=""0"" src=""images/bullet_hla.gif"" width=""15"" height=""13""> <a href=""orderentry.asp"">Place and Order</a></td></tr>")
        End If
        Response.Write("<tr><td> </td></tr>")
        Response.Write("<tr><td> </td></tr>")
    ElseIf Session("logintype") = "employee" then
        Response.Write("<tr><td> <Span class=""headertitle""><b>Employee Tools</b></span></td><td><!-- <form action=""usermain.asp"" method=""get""><input type=""hidden"" name=""msg"" value=""logout"" /><input type=""submit"" value=""Logout"" /></form> --></td></tr>")
        Response.Write("<tr><td> </td></tr>")
        Response.Write("<tr><td><font size=""1""> Welcome " & Session("name") & "</font></td></tr>")
        Response.Write("<tr><td> </td></tr>")
        Response.Write("<tr><td><font size=""1""> " & Session("customername") & "</font></td></tr>")
        Response.Write("<tr><td><font size=""1""> " & Session("customerlocation") & "</font></td></tr>")
        Response.Write("<tr><td> </td></tr>")
        Response.Write("<tr><td> <img border=""0"" src=""images/bullet_hla.gif"" width=""15"" height=""13""> <a href=""http://www.rutherfordequipment.com/mewebmail"">Web Mail</a></td></tr>")
        Response.Write("<tr><td> <img border=""0"" src=""images/bullet_hla.gif"" width=""15"" height=""13""> <a href=""ordertracking.asp?pageno=1"">Order Tracking</a></td></tr>")
        Response.Write("<tr><td> <img border=""0"" src=""images/bullet_hla.gif"" width=""15"" height=""13""> <a href=""pricesheets.asp"">Price Sheets</a></td></tr>")
        Response.Write("<tr><td> </td></tr>")
        Response.Write("<tr><td> </td></tr>")
    ElseIf Session("logintype") = "administrator" then
        Response.Write("<tr><td> <Span class=""headertitle""><b>Employee Tools</b></span></td><td><!-- <form action=""usermain.asp"" method=""get""><input type=""hidden"" name=""msg"" value=""logout"" /><input type=""submit"" value=""Logout"" /></form> --></td></tr>")
        Response.Write("<tr><td> </td></tr>")
        Response.Write("<tr><td><font size=""1""> Welcome " & Session("name") & "</font></td></tr>")
        Response.Write("<tr><td> </td></tr>")
        Response.Write("<tr><td><font size=""1""> " & Session("customername") & "</font></td></tr>")
        Response.Write("<tr><td><font size=""1""> " & Session("customerlocation") & "</font></td></tr>")
        Response.Write("<tr><td> </td></tr>")
        Response.Write("<tr><td width=""300""> <img border=""0"" src=""images/bullet_hla.gif"" width=""15"" height=""13""> <a href=""administration.asp"">Site Administration</a></td></tr>")
        Response.Write("<tr><td width=""300""> <img border=""0"" src=""images/bullet_hla.gif"" width=""15"" height=""13""> <a href=""http://www.rutherfordequipment.com/meadmin"">Web Mail Administration</a></td></tr>")
        Response.Write("<tr><td width=""300""> <img border=""0"" src=""images/bullet_hla.gif"" width=""15"" height=""13""> <a href=""http://www.rutherfordequipment.com/mewebmail"">Web Mail</a></td></tr>")
        Response.Write("<tr><td width=""300""> <img border=""0"" src=""images/bullet_hla.gif"" width=""15"" height=""13""> <a href=""ordertracking.asp?pageno=1"">Order Tracking</a></td></tr>")
        Response.Write("<tr><td width=""300""> <img border=""0"" src=""images/bullet_hla.gif"" width=""15"" height=""13""> <a href=""pricesheets.asp"">Price Sheets</a></td></tr>")
        Response.Write("<tr><td> </td></tr>")
        Response.Write("<tr><td> </td></tr>")
    End If
End If
%>

userdisplay.asp - "userdisplay.asp" is included before this code block to show the login portion, its code is farther down the post

<%
If Request.QueryString("msg") = "logout" then
    ' Logout request: end the session and go back to the home page.
    Session.Abandon
    Response.Redirect("index.asp")
ElseIf Session("loggedon") = "false" then
    Response.Write("Logged Out")
ElseIf Session("loggedon") = "true" then
    ' Logged in: show the username with Home and Logout links.
    Response.Write("<center><table class=""bodytext"">")
    Response.Write("<tr><td align=""center""><font size=""1"">Logged in as: <b>" & Session("username") & "</b></font></td></tr>")
    Response.Write("<tr><td align=""center""><a href=""usermain.asp""><font size=""1"">My Home</font></a> | <a href=""usermain.asp?msg=logout""><font size=""1"">Logout</font></a></td></tr>")
    Response.Write("</table></center>")
ElseIf Request.Form("loggingin") = "true" then
    ' Login attempt. The username is bound as a query parameter instead of being
    ' concatenated into the SQL text, so quotes in the input cannot alter the query.
    ' Assumes dataConn is an open ADODB.Connection; 200 = adVarChar, 1 = adParamInput.
    Set cmd = Server.CreateObject("ADODB.Command")
    Set cmd.ActiveConnection = dataConn
    cmd.CommandText = "SELECT * FROM logins WHERE username = ?"
    cmd.Parameters.Append cmd.CreateParameter("username", 200, 1, 255, CStr(Request.Form("username")))
    Set user = cmd.Execute
    If user.RecordCount = 0 or user.EOF then
        ' Unknown username: show the login form again with an error.
        Response.Write("<center><table class=""bodytext"">")
        Response.Write("<form id=""loginform"" action=""usermain.asp"" method=""post"">")
        Response.Write("<tr><td width=""10""><b style=""font-size: 9px"">Username:</b></td><td><input type=""text"" name=""username"" size=""23"" style=""font-size: 9px"" /></td></tr>")
        Response.Write("<tr><td width=""10""><b style=""font-size: 9px"">Password:</b></td><td><input type=""password"" name=""password"" size=""23"" style=""font-size: 9px"" /></td></tr>")
        Response.Write("<tr><td colspan=""2"" align=""left""><a href=""userregister.asp"" style=""font-size: 9px; font-color=#4767AD"">Register</a> | <a href=""userpasswordremind.asp"" style=""font-size: 9px; font-color=#4767AD"">Retrieve Password</a> <input type=""hidden"" name=""loggingin"" value=""true"" /><input type=""submit"" value=""Login"" style=""font-size: 9px"" /></td></tr>")
        Response.Write("<tr><td colspan=""2"" align=""center""><b style=""font-size: 9px""><font color=""#cc0000"">***Invalid Username</font></b></td></tr>")
        Response.Write("</table></center>")
        Response.Write("<script language=""JavaScript"">loginform.username.focus();</script>")
    ElseIf Request.Form("password") <> user.Fields.Item("password") then
        ' Wrong password: redisplay the form with the username filled in.
        ' The submitted username is HTML-encoded before it is echoed into the value attribute.
        Response.Write("<center><table class=""bodytext"">")
        Response.Write("<form id=""loginform"" action=""usermain.asp"" method=""post"">")
        Response.Write("<tr><td width=""10""><b style=""font-size: 9px"">Username:</b></td><td><input type=""text"" name=""username"" value=""" & Server.HTMLEncode(Request.Form("username")) & """ size=""23"" style=""font-size: 9px"" /></td></tr>")
        Response.Write("<tr><td width=""10""><b style=""font-size: 9px"">Password:</b></td><td><input type=""password"" name=""password"" size=""23"" style=""font-size: 9px"" /></td></tr>")
        Response.Write("<tr><td colspan=""2"" align=""left""><a href=""userregister.asp"" style=""font-size: 9px; font-color=#4767AD"">Register</a> | <a href=""userpasswordremind.asp"" style=""font-size: 9px; font-color=#4767AD"">Retrieve Password</a> <input type=""hidden"" name=""loggingin"" value=""true"" /><input type=""submit"" value=""Login"" style=""font-size: 9px"" /></td></tr>")
        Response.Write("<tr><td colspan=""2"" align=""center""><b style=""font-size: 9px""><font color=""#cc0000"">***Invalid Password</font></b></td></tr>")
        Response.Write("</table></center>")
        Response.Write("<script language=""JavaScript"">loginform.password.focus();</script>")
    Else
        ' Credentials match: copy the account record into the session.
        Session("loggedon") = "true"
        Session("username") = user.Fields.Item("username")
        Session("name") = user.Fields.Item("name")
        Session("customername") = user.Fields.Item("customername")
        Session("customerlocation") = user.Fields.Item("customerlocation")
        Session("customernumber") = user.Fields.Item("customernumber")
        Session("customerclass") = user.Fields.Item("customerclass")
        Session("orderpage") = 1
        Session("logintype") = user.Fields.Item("logintype")
        Session("eqsheet") = user.Fields.Item("eqsheet")
        Session("cpsheet") = user.Fields.Item("cpsheet")
        Session("defshipco") = user.Fields.Item("shiptocompany")
        Session("defshipadd1") = user.Fields.Item("shiptoadd1")
        Session("defshipadd2") = user.Fields.Item("shiptoadd2")
        Session("defshipcity") = user.Fields.Item("shiptocity")
        Session("defshipstate") = user.Fields.Item("shiptostate")
        Session("defshipzip") = user.Fields.Item("shiptozip")
        Session("email") = user.Fields.Item("email")
        Response.Redirect("usermain.asp")
    End If
Else
    ' Not logged in and not logging in: show the empty login form.
    Response.Write("<center><table class=""bodytext"">")
    Response.Write("<form id=""loginform"" action=""usermain.asp"" method=""post"">")
    Response.Write("<tr><td width=""10""><b style=""font-size: 9px"">Username:</b></td><td><input type=""text"" name=""username"" size=""23"" style=""font-size: 9px"" /></td></tr>")
    Response.Write("<tr><td width=""10""><b style=""font-size: 9px"">Password:</b></td><td><input type=""password"" name=""password"" size=""23"" style=""font-size: 9px"" /></td></tr>")
    Response.Write("<tr><td colspan=""2"" align=""left""><a href=""userregister.asp"" style=""font-size: 9px; font-color=#4767AD"">Register</a> | <a href=""userpasswordremind.asp"" style=""font-size: 9px; font-color=#4767AD"">Retrieve Password</a> <input type=""hidden"" name=""loggingin"" value=""true"" /><input type=""submit"" value=""Login"" style=""font-size: 9px"" /></td></tr>")
    Response.Write("</table></center>")
End If
%>

Any ideas?

Thanks

Stephen
justsomeguy Posted October 3, 2007

In addition to session.abandon, go through each session value and unset it or set it to "" or 0 or something. Also, instead of using response.redirect after abandoning the session, write out a small HTML page that will do a meta refresh to the next page. That will help ensure that the browser will delete the session cookie if session.abandon is telling it to do that.

<html>
<head>
<title>Thank You</title>
<meta http-equiv="refresh" content="1;url=index.asp" />
</head>
<body>Thank You</body>
</html>
stebo0728 (Author) Posted October 3, 2007

Ok, thanks for the suggestions. I tried them with no luck, but in case anyone else needs the answer, I did figure it out.

The problem is that the page is in the Response cache, and thus when you type it in the address bar the browser just repaints the page from cache instead of evaluating the script.

The solution is to add the following line to the top of any page that you want un-cached:

Response.Expires = 0

That causes the response cache to expire immediately, thus forcing the browser to re-evaluate the page.

Thanks
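Added example, not part of the original thread: a shared include for login-only pages that sends no-cache headers before checking the session, plus a logout routine that clears the session values before abandoning the session. The file name `authguard.asp` and the names `SendNoCacheHeaders`, `RequireLogin` and `Logout` are hypothetical; `Session("loggedon")`, `usermain.asp` and `index.asp` come from the posts above.

```asp
<%
' Added example, not from the thread. Hypothetical include file: authguard.asp
' Place <!--#include file="authguard.asp"--> at the top of every login-only page.

' Tell the browser and any proxy not to keep a copy of this response.
' Headers must be sent before page output is flushed to the client.
Sub SendNoCacheHeaders()
    Response.Expires = -1                     ' relative expiry already in the past
    Response.ExpiresAbsolute = Now() - 1      ' absolute expiry: one day ago
    Response.AddHeader "Pragma", "no-cache"   ' HTTP/1.0 clients and proxies
    Response.AddHeader "Cache-Control", "no-store, no-cache, must-revalidate"
End Sub

' True only when the server-side session still says the user is logged in.
' With the headers above the browser has no stored copy to repaint, so this
' check runs on every request, including one typed into the address bar.
Function RequireLogin()
    SendNoCacheHeaders
    RequireLogin = (Session("loggedon") = "true")
End Function

' Logout: clear the stored values first. Session.Abandon only destroys the
' session after the current page has finished processing.
Sub Logout()
    SendNoCacheHeaders
    Session.Contents.RemoveAll
    Session.Abandon
    Response.Redirect "index.asp"
End Sub

' Usage in usermain.asp, mirroring the thread's own check:
If Request.QueryString("msg") = "logout" Then
    Logout
ElseIf Not RequireLogin() Then
    Response.Write "<tr><td width=""400"">You must be logged in to use this feature.</td></tr>"
Else
    ' & "" turns a Null session value into an empty string before encoding.
    Response.Write "<tr><td>Welcome " & Server.HTMLEncode(Session("name") & "") & "</td></tr>"
End If
%>
```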
Archived
This topic is now archived and is closed to further replies.