#1
  1. Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Jul 2002
    Location
    Norway
    Posts
    57
    Rep Power
    12

    Login security problems....


    Hi..

    I'm building a site that needs a login and then checks that the user is logged in to visit several pages. The login stuff is OK and I can do the check on the pages I want, but the problem is that after a user has logged out, he/she can still use the browser's "back button" and display the contents of the previous pages, but when reloading the pages my "not logged in" message appears. Is there anything I can do to prevent the "back button" possibility?

    My logout-page has only a "session.abandon" function for the logout-procedure.


    Freddy....
  2. #2
    Junior Member
    Devshed Newbie (0 - 499 posts)

    Join Date
    Feb 2003
    Location
    Minneapolis, MN
    Posts
    11
    Rep Power
    0
    I include this header file in each "secure" page I use

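    <%
    ' Not logged in (no LoginID in the session): send the visitor to the login page
    If Session("LoginID") = "" Then
        Response.Redirect(Session("MyURL") & "/default.asp")
    End If

    ' Mark the response as already expired and ask caches to revalidate it,
    ' so the Back button does not simply redisplay a stored copy
    Response.Expires = -1500
    Response.CacheControl = "no-cache"
    %>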

    If you are not logged in you get redirected to a "login" or "not authorized" page. If you use the back button you get a page can not be refreshed error msg.

    Does this help?
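
An added example, not part of the original posts: a small Python check that reads the caching headers a header file like the one above produces and reports whether a browser or proxy may keep a copy of a logged-in page. `no-cache` only requires revalidation before reuse, while `no-store` forbids keeping a copy; the function names and sample header values are constructed for illustration.

```python
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime

def parse_cache_control(value):
    """Split a Cache-Control value into {directive: argument or None}."""
    directives = {}
    for part in value.split(","):
        name, _, arg = part.strip().partition("=")
        if name:
            directives[name.lower()] = arg.strip().strip('"') or None
    return directives

def expires_in_future(value, now):
    """True only if Expires parses to a date after `now`; invalid values such as "0" count as expired."""
    try:
        when = parsedate_to_datetime(value)
    except (TypeError, ValueError):
        return False
    if when.tzinfo is None:
        when = when.replace(tzinfo=timezone.utc)
    return when > now

def audit_cache_headers(headers, now=None):
    """Return findings for a response to a logged-in page; an empty list means no copy may be kept."""
    now = now or datetime.now(timezone.utc)
    h = {k.lower(): v for k, v in headers.items()}
    cc = parse_cache_control(h.get("cache-control", ""))
    findings = []
    if "no-store" not in cc:
        findings.append("no-store missing: caches may keep a copy of the page")
    if "public" in cc:
        findings.append("public set: shared caches may serve the page to other users")
    if not {"no-store", "no-cache"} & cc.keys() and cc.get("max-age") != "0":
        findings.append("no revalidation: a stored copy can be reused without contacting the server")
    if "expires" in h and expires_in_future(h["expires"], now):
        findings.append("Expires lies in the future")
    return findings

# Constructed sample header sets (not captured from a real site).
NOW = datetime(2003, 3, 1, 12, 0, tzinfo=timezone.utc)
NO_CACHE_ONLY = {"Cache-Control": "no-cache", "Expires": "Fri, 28 Feb 2003 11:00:00 GMT"}
HARDENED = {"Cache-Control": "no-store, no-cache, must-revalidate", "Pragma": "no-cache", "Expires": "0"}
DEFAULT = {"Cache-Control": "private"}

if __name__ == "__main__":
    for name, hdrs in [("no-cache only", NO_CACHE_ONLY), ("hardened", HARDENED), ("default", DEFAULT)]:
        print(name, "->", audit_cache_headers(hdrs, NOW) or "OK")
```
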
  4. #3
  5. Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Jul 2002
    Location
    Norway
    Posts
    57
    Rep Power
    12
    Thanks a lot.....you are the boss...!!


    Freddy....
