Hi
I have an administrative area on my website. I protect these pages using sessions. The login part works fine. I can't view the protected pages if I havent first logged it, but my logout script doesn't work. After clicking logout, I can still view protected pages...
login.asp
Protected page:Code:<html> <title>Admin</title> <head> <meta name="Microsoft Theme" content="ripple 1011"> </head> <body> <% ' Tjek om login og password er korrekte If Request.Form("login") = "admin" AND Request.Form("password") = "somepassword" Then ' If correct login, then true Session("login") = "true" Session.Timeout = 30 Response.Write "<h1>You have been logged on!</h1>" Response.redirect("protected.asp") Else ' If incorrect login, then false Session("login") = "false" Session.Timeout = 30 Response.Write "<h1>Access Denied!</h1><br/>" Response.Write"You could not be authorized to access the page you requested.<br/>" Response.Write"Either the credentials you supplied are wrong, or you do not have permission to access this ressource. Please contact the administrator.<br/>" Response.Write "<p><a href='login.html'>Back to login</a></p>" End If %> </body> </html>
Code:<% ' If the user is not logged on ' he/she is sent back to login If Session("login") <> "true" Then Response.Redirect "login.html" End If %> <html> <title>Admin area</title> <head> <meta name="Microsoft Theme" content="ripple 1011"> </head> <body> <p align="center"><font size="5">Administrative Area</font></p> <hr> <p align="left"><b>File upload to server</b></p> <form method="POST" enctype="multipart/form-data" action="--WEBBOT-SELF--"> <!--webbot bot="FileUpload" U-File="fpweb:///_private/form_results.csv" S-Format="TEXT/CSV" S-Label-Fields="TRUE" --> <p align="left"><input type="file" name="F1" size="20"></p> <p align="left"><input type="submit" value="Submit" name="B1"><input type="reset" value="Reset" name="B2"></p> </form> <hr> <p align="left"><b><a href="vnc.htm">VNC Connection to server</a></b></p> <hr> <p align="left"> </p> <p align="left"><b><a href="logout.asp">Logout</a></b></p> </body> </html>
logout.asp
Can anyone see whats wrong??Code:<html> <head> <meta http-equiv="Content-Type" content="text/html; charset=windows-1252"> <title>New Page 1</title> </head> <body> <% Session("login") = "false" Session.Timeout = 30 Session.Abandon Response.redirect("login.html") %> </body> </html>




Reply With Quote