site logout

M

Matt Shudy

Hi,

I just made password protected site from the example on
http://www.4guysfromrolla.com/webtech/050499-1.shtml
I would like to make a logout page. Right now, I just
made a page that sets the Session("bolAuthenticated")
=False, but in order for this to work and actually log off
the user, they would have to refresh each page that they
visited. Is there a way to automatically refresh the
page? Or is there a better way to go about a logout
page? Here is the code I use for the logout page:
If Request.Form("Logout") = "Logout" Then
Session("bolAuthenticated") = False
Session("Location") = ""
End If

Then just a text message...

Thanks,

Matt Shudy
 
J

Jon Spivey

Hi Matt,
you'd abandon the session and then probably send them to another page, eg
If Request.Form("Logout") = "Logout" Then
Session.abandon
response.redirect "loggedout.asp"
End If
 
M

Matt Shudy

Hi,

I just made those changes, but I run into the same
problem... If the user were to hit back, they can still
get into the pages they visited. Do i just have to live
with that? Or is there a way to refresh the page one time
right away when the page starts to load?

Thanks,

Matt
 
J

Jon Spivey

Hi Matt,
I just looked at the code, session.abandon will destroy all session vars, so
in this line
If Session("bolAuthenticated") = False Then
Response.Redirect "/authenticate.asp?" &
Server.URLEncode(Request.ServerVariables("SCRIPT_NAME"))
End If
Session("bolAuthenticated") = False will also be destroyed - hence the user
will still have access because the session var is not = false (it doesn't
exist any more) So if you use my code change the above to
If Session("bolAuthenticated") <> true Then

Or you could do it the other way around - keep the 4guys code as it is and
change your logout to
If Request.Form("Logout") = "Logout" Then
Session("bolAuthenticated") = False
response.redirect "loggedout.asp"
End If

Jon
 
M

Matt Shudy

Thanks for your help.

Matt
-----Original Message-----
Hi Matt,
I just looked at the code, session.abandon will destroy all session vars, so
in this line
If Session("bolAuthenticated") = False Then
Response.Redirect "/authenticate.asp?" &
Server.URLEncode(Request.ServerVariables("SCRIPT_NAME"))
End If
Session("bolAuthenticated") = False will also be destroyed - hence the user
will still have access because the session var is not = false (it doesn't
exist any more) So if you use my code change the above to
If Session("bolAuthenticated") <> true Then

Or you could do it the other way around - keep the 4guys code as it is and
change your logout to
If Request.Form("Logout") = "Logout" Then
Session("bolAuthenticated") = False
response.redirect "loggedout.asp"
End If

Jon





.
Click to expand...
 
M

Mike Mueller

Matt Shudy said:
Hi,

I just made password protected site from the example on
http://www.4guysfromrolla.com/webtech/050499-1.shtml
I would like to make a logout page. Right now, I just
made a page that sets the Session("bolAuthenticated")
=False, but in order for this to work and actually log off
the user, they would have to refresh each page that they
visited. Is there a way to automatically refresh the
page? Or is there a better way to go about a logout
page? Here is the code I use for the logout page:
If Request.Form("Logout") = "Logout" Then
Session("bolAuthenticated") = False
Session("Location") = ""
End If

Then just a text message...

Thanks,

Matt Shudy
Click to expand...

Matt-
I use their code also and I have a link to logoff.asp, which has the
following code on it:
<%
Session("bolAuthenticated") = False
response.redirect "insertdestinationpagehere"
%>
Mike
 
M

Matt Shudy

Hey Mike,

Do you run into this problem... After the user has been
redirected to the loggedout.asp page, is the user able to
hit the browsers back button, and then view the protected
pages until the refresh button is hit?

Matt
 
T

Thomas A. Rowe

Matt,

When testing if the user is logged in, always test for a positive value or a
known value, then when you call session.abandon or the session times out,
all values will default to nothing, therefore even if the user uses the
browser back button, they will be taken to the log in page.

--

==============================================
Thomas A. Rowe (Microsoft MVP - FrontPage)
WEBMASTER Resources(tm)

FrontPage Resources, Forums, WebCircle,
MS KB Quick Links, etc.
==============================================
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Logout Script 2
Forms Authentication Problem: Session expired, pages can still be visited. 1
Logout facility 6
Single login/logout for two different websites: How? 1
logout button on password protected directory 4
Forced user logout in 2.0 3
reload of page required after formsAuthentication signout / logout? 1
asp.net and logout problem & loginstatus 1

Top