...

View Full Version : how to destroy the sessions in asp



anitha2324
02-27-2007, 04:57 PM
how to destroy the sessions so that the user can not be able to review the page again after logging out of it (by entering the page address in the address bar)

nikkiH
02-27-2007, 05:34 PM
Are you calling Session.Abandon when they log out?
Are you checking for a valid Session in any page where you want them to not see it? (or expire the page using headers)

anitha2324
02-27-2007, 06:25 PM
in the main page am checking like

if session("VALID_LOGIN") <> "VALID" then

response.Redirect("surveyout.asp")

end if


session.Timeout = 10


Response.Buffer=true

Response.Expires=-1


'Response.Buffer=true

Response.CacheControl = "no-cache"

Response.AddHeader "Pragma", "no-cache"




and in the log out page i have the following code



session("VALID_LOGIN") =""
session("EncryptedEmpNO")=""
session("SURVEY_NO")=""
session("HiddenAlreadyExistsFlag")=""
session("LOGIN_ERROR")=""

session.Abandon

Session.Contents.RemoveAll()

session("VALID_LOGIN") =""
session("EncryptedEmpNO")=""
session("SURVEY_NO")=""
session("HiddenAlreadyExistsFlag")=""
session("LOGIN_ERROR")=""

Response.Redirect("thanks.asp")

nikkiH
02-27-2007, 09:54 PM
And do you have your checking code at the top of EVERY page you want protected by the session?
If not, you need to expire the content for every one.

SSJ
03-02-2007, 07:20 AM
Only session.abandon is enough to clear all session data..

-SSJ



EZ Archive Ads Plugin for vBulletin Copyright 2006 Computer Help Forum