Everybody! This is important. In a few days, these forums will be moving over to using the totally sweet Discourse platform. To ensure this migration happens smoothly with no loss of content, these forums are currently in a read-only mode. I do apologize for the inconvenience.

There is never a good time to turn the forums off for an extended period of time, but I promise the new forums will be a billion times better. I'm pretty sure of it.

See you all on the other side in a few days, and if you have any (non-technical) questions, please e-mail me at kirupa@kirupa.com. For technical questions, try to find a tutorial that corresponds to what you are looking for and post in the comments section of that page.

Cheers,
Kirupa

Page 1 of 2 12 LastLast
Results 1 to 15 of 21

Thread: how to stop backward after logout in asp?

  1. #1

    how to stop backward after logout in asp?

    Hello, I have logout page in asp for session abandon. But after user logout and press back button, the page can still go one page back. How should I modify the code so that the user cannot go backward or if he go backward, there will be warning page to say that the page are expired like those official mailbox.

    Thanks very much in advance and wait for your reply!

  2. #2
    Although I have no idea how to do this (I know nothing about ASP) what you would probably need to is set a cookie that determines if they are logged in or not, and then check that cookie when the page is loaded. If they are logged in, they can view, else they get an error message.

  3. #3
    4,029
    posts
    home cooking is killing the restaurant industry
    That would be quite insecure... you could get to the page by simply changing the cookies' value to 1.
    There are only 10 kinds of people in this world:
    Those that might know ternary, those that do, and those that don't
    Say NO to DRM.

  4. #4
    More secure than allowing to go back no matter what

    And it depends on how it is done as well, you don't just have to use true of false, or if ASP has the ability to delete a cookie you can check if the cookie even exists or not.

  5. #5
    4,029
    posts
    home cooking is killing the restaurant industry
    Originally posted by lostinbeta
    More secure than allowing to go back no matter what

    And it depends on how it is done as well, you don't just have to use true of false, or if ASP has the ability to delete a cookie you can check if the cookie even exists or not.
    LOL

    In PHP you can use session_destroy to destroy a session... I don't know about the equivalent in ASP tho... you'll have to wait for abzoid
    There are only 10 kinds of people in this world:
    Those that might know ternary, those that do, and those that don't
    Say NO to DRM.

  6. #6
    prstudio
    n/a
    posts
    Guest
    Ok there are two methods that I like.

    One set how long the page exists in cache. This setting will allow the page to refresh on each access.

    <%Response.Expires=-1%>

    Now if you have written a cookie to say they are logged in:
    <%
    Response.Cookies("login")="true"
    %>

    then you want to write over that cookie in your logout script:

    <%
    Response.Cookies("login")="false"
    %>

    Then of course on each page that is a "secure location" you want to put a script that checks that 'login' cookie to see if they are logged in...

    <% Dim logincheck

    logincheck = Request.Cookies("login")

    if logincheck <> "true"
    then Response.Redirect "http://www.blah.com/loginerror.asp"
    end if
    %>

    That is one way of doing a login script.

    However it is not the most secure.

    There are sessions(very secure) then there are ways of combining database entries and cookies with random number generator scripts that triple check everything.

    Hope that helps, if you need anything more. Let me know.

  7. #7
    prstudio
    n/a
    posts
    Guest
    What happens in one of my favorite scripts...(cause its hard and complex lol)

    Is this.

    When you access my site.

    You try and login.

    If you are a user you enter your name and password.

    The script checks the database for that password and user combo.

    If it exists.

    A random number generator generates a number and stores it in one field of the database. It then stores the same number in the cookie value on your machine.

    Now each page after that, I have a script check the value in the database with the value in your cookie. If they match you may proceed. If they do not then no access.

    Now when the person logs-off... a second random number is generated and stored in one of the locations; making it to where the numbers no longer match.

    That way the next person that comes along on the computer cannot just "edit" the cookies to access it.

    The random number is around 30 characters long.

    Again, if the cookie number doesn't match the database number; then no access.

    Keys here are to protect the database. Most server companies have the database in a separate non-public area of the server.

    There are other ways to do this. But that above way is just fun and extremely secure.

  8. #8
    If I were going to do this, and I have on more than a few web sites, I'd use a simple session variable instead of messing with client side cookies.

    When the user logs in set session("user") = {username from database lookup}.
    When the user logs out set session("user") = "".
    On every secure page check to see if session("user") = "" and if it does then redirect to login page.

    Simple yet quite secure.

  9. #9
    reverendflash's Avatar
    5,671
    posts
    Unable to dance, I'll still crawl.
    or, you could always just nest a whole bunch of [edit]frames[/edit], so the browser freezes, causing a restart, therefore clearing the history...



    Rev

  10. #10
    prstudio
    n/a
    posts
    Guest
    rofl yeah with about three java lake applets in each table set

  11. #11
    reverendflash's Avatar
    5,671
    posts
    Unable to dance, I'll still crawl.
    oops, not tables, I meant frames...set up a frameset with 2 frames. Inside each of those 2 frames, 2 frames open up. Inside each of those 4 frames, 2 frames open up...

    etc... until crash...

    you can even use a random color script on the html pg to make it real purty before it shuts down...

  12. #12
    roflmao, do you have an example? lol

  13. #13
    You just have one or both of the frames load the main frameset page as one of it's content pages. For example:

    Save the following code as frameset.html
    PHP Code:
    <html>
    <
    head>
    <
    title>Crasher</title>
    </
    head>

    <
    frameset cols="50%,50%">
      <
    frame src="frameset.html">
      <
    frame src="frameset.html">
    </
    frameset>

    </
    html
    We used to put pages like this as index.html in directories where no one had any business trying to see a directory listing. Mwuahahahaha
    Last edited by abzoid; November 2nd, 2003 at 02:52 AM.

  14. #14
    reverendflash's Avatar
    5,671
    posts
    Unable to dance, I'll still crawl.
    I have to confess...

    abzoid's the guy who told me about this... something like 5 years ago...

    Rev

  15. #15
    that is hilarious lol
    too bad i'm too lazy to put that in an html page and see if it works... also too lazy to do the random background

    theres also a way to crash ie with only five lines of code:
    PHP Code:
    <html>
    <
    form>
    <
    input type crash>
    </
    form>
    </
    html

Page 1 of 2 12 LastLast

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Home About kirupa.com Meet the Moderators Advertise

 Link to Us

 Credits

Copyright 1999 - 2012