MattyJim
01-19-2007, 11:16 PM
hello!
ok, here's my current situation:
1. i have an .asp that acts as a simple login page containing a form with two fields (login and password) and a submit button.
when the user supplies details, the data is checked against a database.
2. assuming that the user's details are correct, i then redirect them (using response.redirect() to a seperate .asp that acts as my main application.
this .asp contains a form with a logout button.
when the user clicks the logout button, they are redirected back to the login .asp
what i want to do, but can't quite seem to achieve, is to use the logout button as a security measure that will not only return the user to the login .asp, but will also prevent them from reaccessing the main .asp simply by clicking the back button on their browser.
i'd like to do this without having to resort to any client-side scripting, putting everything in a single .asp or messing around with the user's browser in any way. i'd rather not even rely on cookies, being that a user could simply disable them and not be able to use my application.
is there any means to make the main application .asp timeout somehow, or would it be more secure to keep checking the user's credentials against the database?
am i going about this the wrong way altogether?
this is really doing my head in, so it would be just ace if you could help me out.
thanks! :)
PS - i'm using vbScript; just in case it makes any difference
ok, here's my current situation:
1. i have an .asp that acts as a simple login page containing a form with two fields (login and password) and a submit button.
when the user supplies details, the data is checked against a database.
2. assuming that the user's details are correct, i then redirect them (using response.redirect() to a seperate .asp that acts as my main application.
this .asp contains a form with a logout button.
when the user clicks the logout button, they are redirected back to the login .asp
what i want to do, but can't quite seem to achieve, is to use the logout button as a security measure that will not only return the user to the login .asp, but will also prevent them from reaccessing the main .asp simply by clicking the back button on their browser.
i'd like to do this without having to resort to any client-side scripting, putting everything in a single .asp or messing around with the user's browser in any way. i'd rather not even rely on cookies, being that a user could simply disable them and not be able to use my application.
is there any means to make the main application .asp timeout somehow, or would it be more secure to keep checking the user's credentials against the database?
am i going about this the wrong way altogether?
this is really doing my head in, so it would be just ace if you could help me out.
thanks! :)
PS - i'm using vbScript; just in case it makes any difference