Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 5 of 5
  1. #1
    New Coder
    Join Date
    Feb 2007
    Posts
    37
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Exclamation how to destroy the sessions in asp

    how to destroy the sessions so that the user can not be able to review the page again after logging out of it (by entering the page address in the address bar)

  • #2
    Senior Coder nikkiH's Avatar
    Join Date
    Jun 2005
    Location
    Near Chicago, IL, USA
    Posts
    1,973
    Thanks
    1
    Thanked 32 Times in 31 Posts
    Are you calling Session.Abandon when they log out?
    Are you checking for a valid Session in any page where you want them to not see it? (or expire the page using headers)

    If this post contains any code, I may or may not have tested it. It's probably just example code, so no getting knickers in a bunch over a typo, OK? If it doesn't have basic error checking in it, such as object detection or checking if objects are null before using them, put that in there. I'm giving examples, not typing up your whole app for you. You run code at your own risk.
    Bored? Visit
    http://www.kaelisspace.com/

  • #3
    New Coder
    Join Date
    Feb 2007
    Posts
    37
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Exclamation

    in the main page am checking like

    if session("VALID_LOGIN") <> "VALID" then

    response.Redirect("surveyout.asp")

    end if


    session.Timeout = 10


    Response.Buffer=true

    Response.Expires=-1


    'Response.Buffer=true

    Response.CacheControl = "no-cache"

    Response.AddHeader "Pragma", "no-cache"




    and in the log out page i have the following code



    session("VALID_LOGIN") =""
    session("EncryptedEmpNO")=""
    session("SURVEY_NO")=""
    session("HiddenAlreadyExistsFlag")=""
    session("LOGIN_ERROR")=""

    session.Abandon

    Session.Contents.RemoveAll()

    session("VALID_LOGIN") =""
    session("EncryptedEmpNO")=""
    session("SURVEY_NO")=""
    session("HiddenAlreadyExistsFlag")=""
    session("LOGIN_ERROR")=""

    Response.Redirect("thanks.asp")

  • #4
    Senior Coder nikkiH's Avatar
    Join Date
    Jun 2005
    Location
    Near Chicago, IL, USA
    Posts
    1,973
    Thanks
    1
    Thanked 32 Times in 31 Posts
    And do you have your checking code at the top of EVERY page you want protected by the session?
    If not, you need to expire the content for every one.

    If this post contains any code, I may or may not have tested it. It's probably just example code, so no getting knickers in a bunch over a typo, OK? If it doesn't have basic error checking in it, such as object detection or checking if objects are null before using them, put that in there. I'm giving examples, not typing up your whole app for you. You run code at your own risk.
    Bored? Visit
    http://www.kaelisspace.com/

  • #5
    SSJ
    SSJ is offline
    Regular Coder
    Join Date
    Mar 2007
    Posts
    230
    Thanks
    0
    Thanked 4 Times in 4 Posts
    Only session.abandon is enough to clear all session data..

    -SSJ


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •