Hi
I have an administrative area on my website. I protect these pages using sessions. The login part works fine. I can't view the protected pages if I havent first logged it, but my logout script doesn't work. After clicking logout, I can still view protected pages...

login.asp
Code:
<html>
<title>Admin</title>
<head>
<meta name="Microsoft Theme" content="ripple 1011">
</head>
<body>
<%
' Tjek om login og password er korrekte
If Request.Form("login") = "admin" AND Request.Form("password") = "somepassword" Then

' If correct login, then true
  Session("login") = "true"
  Session.Timeout = 30
  Response.Write "<h1>You have been logged on!</h1>"
  Response.redirect("protected.asp")

Else

' If incorrect login, then false
  Session("login") = "false"
  Session.Timeout = 30
  Response.Write "<h1>Access Denied!</h1><br/>"
  Response.Write"You could not be authorized to access the page you requested.<br/>"
  Response.Write"Either the credentials you supplied are wrong, or you do not have permission to access this ressource. Please contact the administrator.<br/>"
  Response.Write "<p><a href='login.html'>Back to login</a></p>"

End If
%>
</body>
</html>
Protected page:
Code:
<%
' If the user is not logged on
' he/she is sent back to login

If Session("login") <> "true" Then
  Response.Redirect "login.html"
End If

%>
<html>
<title>Admin area</title>
<head>
<meta name="Microsoft Theme" content="ripple 1011">
</head>
<body>
<p align="center"><font size="5">Administrative Area</font></p>
<hr>
<p align="left"><b>File upload to server</b></p>
<form method="POST" enctype="multipart/form-data" action="--WEBBOT-SELF--">
	<!--webbot bot="FileUpload" U-File="fpweb:///_private/form_results.csv" S-Format="TEXT/CSV" S-Label-Fields="TRUE" -->
	<p align="left"><input type="file" name="F1" size="20"></p>
	<p align="left"><input type="submit" value="Submit" name="B1"><input type="reset" value="Reset" name="B2"></p>
</form>
<hr>
<p align="left"><b><a href="vnc.htm">VNC Connection to server</a></b></p>
<hr>
<p align="left">&nbsp;</p>
<p align="left"><b><a href="logout.asp">Logout</a></b></p>
</body>
</html>

logout.asp
Code:
<html>

<head>
<meta http-equiv="Content-Type" content="text/html; charset=windows-1252">
<title>New Page 1</title>
</head>

<body>
<%

Session("login") = "false"
Session.Timeout = 30
Session.Abandon
Response.redirect("login.html")
%>

</body>

</html>
Can anyone see whats wrong??