session variable

D

dave

Hi all
I'm newbie to asp.net and building simple pages using vb.net.
I have got three pages default.aspx (which is login page), index.aspx and logout.aspx.

In logout.aspx i have put following code...
Session.Clear()

Session.RemoveAll()

Session.Abandon()

Response.Redirect("default.aspx")



In Index.aspx I have following code in page load event..

If Session("login") = "" Then 'this session variable is created from default.aspx on successful login which store user login name

Response.Redirect("default.aspx")

End If

But somehow after hitting logout link from index.aspx it still keeps session("login") value though it redirect to default.aspx..

After tht if i try to execute page directly index.aspx (on same browser window), the page index.aspx is displayed..(which is basically should not be displayed.) ...When I hit refresh it redirects to default.aspx but url remains the same with index.aspx

Below is web.config snippet...

<sessionState

mode="InProc"

stateConnectionString="tcpip=127.0.0.1:42424"

sqlConnectionString="data source=127.0.0.1;Trusted_Connection=yes"

cookieless="false"

timeout="20"

/>

Anyone has any clue why its happening like this??

Any help would be appreciated..

Thanx in advance

dave
 
K

Karl Seguin

A couple comments. First off, you might save yourself a handful of lines of code as well as this problem if you used the built-in FormsAuthentication:
http://www.15seconds.com/issue/020220.htm
http://www.15seconds.com/issue/020305.htm


I suspect they are getting to index.aspx because the page is cached...hence when they force a refresh they are being logged out. You might want to look at :
http://www.15seconds.com/issue/010202.htm
which will tell you how to make sure the browser doesn't cache the page.


As for why ur session doesn't clear, you might wanna try Response.Redirect("default.aspx", false) If that works check out :
http://weblogs.asp.net/bleroy/archive/2004/08/03/207486.aspx for why....not sure if that applies to clearing session though, don't think so.

Karl

--
MY ASP.Net tutorials
http://www.openmymind.net/ - New and Improved (yes, the popup is annoying)
http://www.openmymind.net/faq.aspx - unofficial newsgroup FAQ (more to come!)


Hi all
I'm newbie to asp.net and building simple pages using vb.net.
I have got three pages default.aspx (which is login page), index.aspx and logout.aspx.

In logout.aspx i have put following code...
Session.Clear()

Session.RemoveAll()

Session.Abandon()

Response.Redirect("default.aspx")



In Index.aspx I have following code in page load event..

If Session("login") = "" Then 'this session variable is created from default.aspx on successful login which store user login name

Response.Redirect("default.aspx")

End If

But somehow after hitting logout link from index.aspx it still keeps session("login") value though it redirect to default.aspx..

After tht if i try to execute page directly index.aspx (on same browser window), the page index.aspx is displayed..(which is basically should not be displayed.) ...When I hit refresh it redirects to default.aspx but url remains the same with index.aspx

Below is web.config snippet...

<sessionState

mode="InProc"

stateConnectionString="tcpip=127.0.0.1:42424"

sqlConnectionString="data source=127.0.0.1;Trusted_Connection=yes"

cookieless="false"

timeout="20"

/>

Anyone has any clue why its happening like this??

Any help would be appreciated..

Thanx in advance

dave
 
H

Hans Kesting

Hi all
I'm newbie to asp.net and building simple pages using vb.net.
I have got three pages default.aspx (which is login page), index.aspx and logout.aspx.

In logout.aspx i have put following code...
Session.Clear()

Session.RemoveAll()

Session.Abandon()

Response.Redirect("default.aspx")



In Index.aspx I have following code in page load event..

If Session("login") = "" Then 'this session variable is created from default.aspx on successful login which store user login name

Response.Redirect("default.aspx")

End If

In C# I would not check for an empty string, but for null. In VB you might need to
check for "Nothing".
You don't store "strings" in Session, you store "objects". A string is a perfectly
valid object, so you can store it without problems. But if the Session variable
has been removed, it's *removed* (not there, nothing), not an empty string.
But somehow after hitting logout link from index.aspx it still keeps session("login") value though it redirect to default.aspx..

After tht if i try to execute page directly index.aspx (on same browser window), the page index.aspx is displayed..(which is basically should not be displayed.) ...When I hit refresh it redirects to default.aspx but url remains the same with index.aspx

If you use Redirect, you instruct the browser to go to a different URL, so that other
URL should be displayed (If you had used Transfer, this would not be the case, as that
works entirely server-side). So you are not "redirected" to default.aspx, but something else
happened.

Hans Kesting
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Session variables dropped using Redirect 2
Config Session Timeout 1
Stored Session object is mixed up with another user's session object. 2
New Session with each page change 1
Session Timeout 4
Timeout on web page is too short, changing web.config seems to have no affect 2
Losing Session Variables during Response.Redirect??? 3
Session Timeout problems-web.confg session state and IIS session s 4

Top