Hi
I have an administrative area on my website. I protect these pages using sessions. The login part works fine. I can't view the protected pages if I havent first logged it, but my logout script doesn't work. After clicking logout, I can still view protected pages...
login.asp
Protected page:Code:<html>
<title>Admin</title>
<head>
<meta name="Microsoft Theme" content="ripple 1011">
</head>
<body>
<%
' Tjek om login og password er korrekte
If Request.Form("login") = "admin" AND Request.Form("password") = "somepassword" Then
' If correct login, then true
Session("login") = "true"
Session.Timeout = 30
Response.Write "<h1>You have been logged on!</h1>"
Response.redirect("protected.asp")
Else
' If incorrect login, then false
Session("login") = "false"
Session.Timeout = 30
Response.Write "<h1>Access Denied!</h1><br/>"
Response.Write"You could not be authorized to access the page you requested.<br/>"
Response.Write"Either the credentials you supplied are wrong, or you do not have permission to access this ressource. Please contact the administrator.<br/>"
Response.Write "<p><a href='login.html'>Back to login</a></p>"
End If
%>
</body>
</html>
Code:<%
' If the user is not logged on
' he/she is sent back to login
If Session("login") <> "true" Then
Response.Redirect "login.html"
End If
%>
<html>
<title>Admin area</title>
<head>
<meta name="Microsoft Theme" content="ripple 1011">
</head>
<body>
<p align="center"><font size="5">Administrative Area</font></p>
<hr>
<p align="left"><b>File upload to server</b></p>
<form method="POST" enctype="multipart/form-data" action="--WEBBOT-SELF--">
<!--webbot bot="FileUpload" U-File="fpweb:///_private/form_results.csv" S-Format="TEXT/CSV" S-Label-Fields="TRUE" -->
<p align="left"><input type="file" name="F1" size="20"></p>
<p align="left"><input type="submit" value="Submit" name="B1"><input type="reset" value="Reset" name="B2"></p>
</form>
<hr>
<p align="left"><b><a href="vnc.htm">VNC Connection to server</a></b></p>
<hr>
<p align="left"> </p>
<p align="left"><b><a href="logout.asp">Logout</a></b></p>
</body>
</html>
logout.asp
Can anyone see whats wrong??Code:<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=windows-1252">
<title>New Page 1</title>
</head>
<body>
<%
Session("login") = "false"
Session.Timeout = 30
Session.Abandon
Response.redirect("login.html")
%>
</body>
</html>
