0

login.aspx

if (IsPostBack == false)
    {
        //destroy any login information
        Session["password"] = "false";
        Session["login"] = "false";
        Session.Abandon();
        Session.RemoveAll();
    }

    if (TextBox2.Text == main_password)
        {//then he is website server admin

            Session["password"] = "password";
            Session["login"] = "true";
            Response.Redirect("~/TABLE.aspx");

        }

table.aspx

    //checking if website server admin
    if ("password" == (string)Session["password"])
    {
        link_logout.Enabled = true;

    }//if ends
    else
    {//not authorized
        Response.Redirect("~/Identify.aspx");
    }//else ends

When I click the logout link

  • the login page gets loaded, causing destruction of all the session states.
  • the login page confirms to that when I use response.write to view the values of the session variables.
  • when I give user name and password and click login, it redirects to table page.
  • when I click logout, it redirects to login page and login page destroys info.

Problem

  • after the login information destroyed, then i click table link it goes to table page, as says NO NO and redirects to login page.
  • BUT if I copy paste the url of the table page, then no matter what I do, it allows me view the page. That is it takes the value of the session variable and evalutes to TRUE, even when the values were destroyed.

I can't use asp.net login functions, my limitations do not allow me to use that control.

halfer
  • 18,701
  • 13
  • 79
  • 158
user287745
  • 2,847
  • 9
  • 49
  • 97
  • 3
    Are you sure you are not just seeing a cached version of the page? `Session` does not automatically 'resurrect' values you have removed from it. – Andrew Barber Nov 14 '10 at 03:51
  • That's a browser issue, not something you can force from the server. Internet Explorer exposes that setting better than the other browsers, but they all have a setting about get new page per request – jcolebrand Nov 14 '10 at 04:26

2 Answers2

2

You're seeing a cached version of the page in the browser.

If you press Ctrl+F5, it should go away.

SLaks
  • 800,742
  • 167
  • 1,811
  • 1,896
  • how do i remove this cahce versioned? any way by c#? – user287745 Nov 14 '10 at 04:24
  • This is a client-side cache in the browser. You cannot remove it on the server. However, you can log off in a postback while staying in the page, so that the browser will see a new version of the page without any content. Note that this will only help for the last page. – SLaks Nov 14 '10 at 04:27
  • You can also set No-Cache headers, which the browsers may ignore. – SLaks Nov 14 '10 at 04:27
  • @SLaks ~ Isn't the "log off in a postback" what I suggested? Making sure we're all on the same page. – jcolebrand Nov 14 '10 at 04:28
  • @drachenstern: Doing a server response redirect as you suggested will defeat the purpose. You need to return actual content in the same page to replace the cached version. Server.Transfer would help, though. – SLaks Nov 14 '10 at 04:32
1

Make link_logout a linkbutton, put a onclick to the page, and in the onclick remove the session variables. Then do a server response redirect.

jcolebrand
  • 15,923
  • 10
  • 71
  • 117
  • I don't think that will help. – SLaks Nov 14 '10 at 04:00
  • @SLaks I'm pretty sure of it too, but if he wants to force it to be clear when he clicks the logout button, then instead of relying on the login page to clear it, he should clear it there. Since he can't use the login control. – jcolebrand Nov 14 '10 at 04:09
  • thanks, nice idea will use it but prob is as mentioned by @Slaks – user287745 Nov 14 '10 at 04:24
  • I'm sure it is, but I wanted you to have a foolproof method to make sure the session is cleared too, at least for testing. – jcolebrand Nov 14 '10 at 04:25