Can anyone enlighten me on this matter?

I want my user to logout after using my web application. I have the logout behavior in the administrator page and upon logging out, the user is being transported to the login page. I read from some books that this will kill the session. My understanding is, when the user click on the go previous page button, he should be unable to do so since the session has been killed, but not so, unless the user close the browser, he is still able to go back to the previous page. and he is still able to perform all the administrative stuff. I have seen some site, whereby the user logout and goes to the loggin page, he is unable to view the previous page, instead he will be prompted for re-loggin in. How do I get this done on UD4? Anyone? Is global.asa neccessary in this case?

Please help me.

Regards,

Lonetree

Try "emptying" the session varable as well as the abandon function, something like:

<%
Session("Username" = NULL
Session.Abandon
%>

Regards

Owen.

Multiple Parameter UD4 / Access 2000 Database Search Tutorial:
www.tdsf.co.uk/tdsfdemo

This also has to do with the fact that just becuase you issue a SESSION.ABANDON, does not mean the session is not still active. Sessions only die after their Timeout period elapses (default to 20 mins on an IIS 5.x server) Oeastwick's method has you set all session values to NULL so if they still use the active session, it'll at least not contain any information. It's a good way of securing data that was in the session.

Aegis Kleais
New Media Web Developer
(DWMX : IIS5.1 : SQL2K : WXP : ASP[VB/JS])

Than you so much for the information, oeastwick, aegiskleais.

<img src=../images/dmxzone/forum/icon_smile.gif border=0 align=middle>

cheers


<BLOCKQUOTE id=quote><font size=1 face="Verdana, Arial, Helvetica" id=quote>quote:<hr height=1 noshade id=quote>
This also has to do with the fact that just becuase you issue a SESSION.ABANDON, does not mean the session is not still active. Sessions only die after their Timeout period elapses (default to 20 mins on an IIS 5.x server) Oeastwick's method has you set all session values to NULL so if they still use the active session, it'll at least not contain any information. It's a good way of securing data that was in the session.

Aegis Kleais
New Media Web Developer
(DWMX : IIS5.1 : SQL2K : WXP : ASP[VB/JS])
<hr height=1 noshade id=quote></BLOCKQUOTE id=quote></font id=quote><font face="Verdana, Arial, Helvetica" size=2 id=quote>

I'm thinking that this

&lt;%
Session("Username" = NULL
Session.Abandon
%&gt;

can't be done using the standard macromedia logout behaviour because it abandons the session before you can tell it that the session variable is NULL.
So what I propose to do is make my "logout" buttons link to a goodbye page with this in it
&lt;%
Session("Username" = NULL
%&gt;
and then put the macromedia logout behaviour on this page set to logout when page loads. Would this work??



Edited by - Davecl on 31 Jul 2002 18:05:04

I'm sure oeastwick knows that you have to HAND CODE his reply and not assume that all things can be automated in DMX. It'd be easy enough if you know ASP, that you just locate where DMX puts the Session.Abandon line and just insert the Session("Username" = NULL before it (hand-coding).

As awesome as DMX is with website management, it won't do EVERYTHING for ya. No code editor will.

Aegis Kleais
New Media Web Developer
(DWMX : IIS5.1 : SQL2K : WXP : ASP[VB/JS])

Sorry if my previous post made it sound as though i was getting at oeastwick in any way, I do not know very much ASP at all and was merely thinking aloud.
Once i looked at the code that the standard log out puts on the page i realised that i could just insert the Session("Username" = NULL before the session abandon.(I didnt realise that it just put a session abandon on the page, i was presuming that it put it's own code in the page that a newbie like me would have trouble interpreting)
However I have decided to go with the logout on the goodbye page anyway so that i dont need a logout behaviour on every page just a link to the goodbye page.
Again sorry, if i sounded as if i was having a go at anybody, i would never do that as i really appreciate all the help that you guys give out on here.

Dave

It's no prob Davecl

You've just shown that a close examination of the code that MM uses can allow you to read up on it, understand it, and modify it to your needs. And that's all part of the learning process. Data security is a big thing, and I'm currently working on a system too that doesn't have this method implemented. I think I'll go make the changes right now!

Aegis Kleais
New Media Web Developer
(DWMX : IIS5.1 : SQL2K : WXP : ASP[VB/JS])

[Hi there is there anyway of only killing certain sessions? whilst leaving the rest running? Dreamweaver MX2004 ASP site? Thank youquote]
It's no prob Davecl

You've just shown that a close examination of the code that MM uses can allow you to read up on it, understand it, and modify it to your needs. And that's all part of the learning process. Data security is a big thing, and I'm currently working on a system too that doesn't have this method implemented. I think I'll go make the changes right now!

Aegis Kleais
New Media Web Developer
(DWMX : IIS5.1 : SQL2K : WXP : ASP[VB/JS])

&lt;%
Session("sessionname" = NULL
%&gt;

would set any particular session variable as null, so yes you can do it for individual ones but leave others alone.



ASP|VBScript|IIS5.1|Access|WinXPPro & WinXPHome.

Will this work too?
Session.Contents.Remove("SessionName";<BLOCKQUOTE id=quote><font size=1 face="Verdana, Arial, Helvetica" id=quote>quote:<hr height=1 noshade id=quote>
&lt;%
Session("sessionname" = NULL
%&gt;

would set any particular session variable as null, so yes you can do it for individual ones but leave others alone.



ASP|VBScript|IIS5.1|Access|WinXPPro & WinXPHome.
<hr height=1 noshade id=quote></BLOCKQUOTE id=quote></font id=quote><font face="Verdana, Arial, Helvetica" size=2 id=quote>