how to ensure tat when a user had logged in to my eshop and when they click on the log out button, it is REALLY log out.i mean that when they click the BACK button on top they must re-enter their login name and password for security measures something like hotmail. pls help thanks!

The logout button would either clear out the cookie or session variable. Set it to "" upon clicking it.

At the top of every page then check the value of the session variable or cookie to determine if they're logged in.

<%Session.Abandon%>
<!--#include file = "topFrame.htm"-->

<%
If Session("PersonID")="" Then
Response.Redirect "Logout.asp"
End If
%>

<html>
<head>
<title>Log Out page</title>

<body>
<div align="center">
<p><strong><font size="5" face="Garamond">GOODBYE.</font></strong></p>
<p><strong><font size="5" face="Garamond">You have successfully log out.</font></strong></p>
<p><font face="Garamond">If you wish to request for stationery again , please
click link below to re-Enter.</font></p>
<p><font size="3" face="Garamond"><strong>Thank You for using NYP E-BOOKSTORE.
</strong></font></p>
<p>&nbsp;</p>
<p><strong><em>Click link below to Re-enter ,</em></strong></p>
<p><font size="4" face="Garamond"><a href="login.asp"><strong><em> Re - Enter</em></strong></a></font></p>
<p><font size="4" face="Garamond"><em><strong>or</strong></em></font></p>
<p><strong><em> else just cancel the program.</em></strong></p>
</div>
</body>
</head>
</html>



still cannot... i added the following code for my logout.asp pls help

Stan,

you need to do three things:
-after logging in, set the session-variable to a value, on the log off-page, set the value to 0
- on each page, check the value from the session-variable
- to prevent that people use the browsers history to jump back to cached pages (cached on the browser), you need to make each page expire immedeately.

like this (extract from helpfile)
-------------------------------------------------------------------------

The Expires property specifies the length of time before a page cached on a browser expires. If the user returns to the same page before it expires, the cached version is displayed.

Syntax
Response.Expires [= number]

Parameters
number
The time in minutes before the page expires. Set this parameter to 0 to have the cached page expire immediately.
Remarks
If this property is set more than once on a page, the shortest time is used.
-----------------------------------------------------------------------------

Hope this helps.

Stan,

When I use sessions I will write a very simple logout page that looks something like this:

************ Log Out page ***********************
<% 'Clear session and send to login screen.

Response.Buffer = true
Session.Abandon
Response.Redirect("Your Redirect here")

%>
***********************************************
Once I call the session.Abandon page it clears my session variable(s). Also you need to set your cache to 0

Response.Expires = -1500 ' This ensures nothing will be cached.


hope this helps,

Tsbarnes