February 27th, 2003, 03:24 PM
Login security problems....
I`m building a site that needs login and then check that the user is logged in to visit several pages. The login-stuff is ok and I can do the check on the pages I want, but the problems is that after a user has logged out, he/she can still use the browsers "back-button" and display the contents on the previuos pages, but when reloading the pages my "not logged in" messages appears. Is there anything I can do to prevent the "backbutton" possibility?
My logout-page has only a "session.abandon" function for the logout-procedure.
February 27th, 2003, 08:10 PM
I include this header file in each "secure" page I use
If Session("LoginID") = "" Then
Response.redirect(Session("MyURL") & "/default.asp")
Response.Expires = -1500
Response.CacheControl = "no-cache"
If you are not logged in you get redirected to a "login" or "not authorized" page. If you use the back button you get a page can not be refreshed error msg.
Does this help?
February 28th, 2003, 02:35 AM
Thanks a lot.....you are the boss...!!