|
-
Oct 9th, 2005, 01:16 PM
#1
Thread Starter
Frenzied Member
Problems with session
Hi
I have an administrative area on my website. I protect these pages using sessions. The login part works fine. I can't view the protected pages if I havent first logged it, but my logout script doesn't work. After clicking logout, I can still view protected pages...
login.asp
Code:
<html>
<title>Admin</title>
<head>
<meta name="Microsoft Theme" content="ripple 1011">
</head>
<body>
<%
' Tjek om login og password er korrekte
If Request.Form("login") = "admin" AND Request.Form("password") = "somepassword" Then
' If correct login, then true
Session("login") = "true"
Session.Timeout = 30
Response.Write "<h1>You have been logged on!</h1>"
Response.redirect("protected.asp")
Else
' If incorrect login, then false
Session("login") = "false"
Session.Timeout = 30
Response.Write "<h1>Access Denied!</h1><br/>"
Response.Write"You could not be authorized to access the page you requested.<br/>"
Response.Write"Either the credentials you supplied are wrong, or you do not have permission to access this ressource. Please contact the administrator.<br/>"
Response.Write "<p><a href='login.html'>Back to login</a></p>"
End If
%>
</body>
</html>
Protected page:
Code:
<%
' If the user is not logged on
' he/she is sent back to login
If Session("login") <> "true" Then
Response.Redirect "login.html"
End If
%>
<html>
<title>Admin area</title>
<head>
<meta name="Microsoft Theme" content="ripple 1011">
</head>
<body>
<p align="center"><font size="5">Administrative Area</font></p>
<hr>
<p align="left"><b>File upload to server</b></p>
<form method="POST" enctype="multipart/form-data" action="--WEBBOT-SELF--">
<!--webbot bot="FileUpload" U-File="fpweb:///_private/form_results.csv" S-Format="TEXT/CSV" S-Label-Fields="TRUE" -->
<p align="left"><input type="file" name="F1" size="20"></p>
<p align="left"><input type="submit" value="Submit" name="B1"><input type="reset" value="Reset" name="B2"></p>
</form>
<hr>
<p align="left"><b><a href="vnc.htm">VNC Connection to server</a></b></p>
<hr>
<p align="left"> </p>
<p align="left"><b><a href="logout.asp">Logout</a></b></p>
</body>
</html>
logout.asp
Code:
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=windows-1252">
<title>New Page 1</title>
</head>
<body>
<%
Session("login") = "false"
Session.Timeout = 30
Session.Abandon
Response.redirect("login.html")
%>
</body>
</html>
Can anyone see whats wrong??
-
Oct 10th, 2005, 04:45 AM
#2
Member
Re: Problems with session
i wouldn't use Session("login") = "false" but False and True, this works more system based, and is safer.
And just Session.Abandon should clear all the session data, you don't need the other info.
VB Code:
btw
If Session("login") = False Then
Response.Redirect "login.html"
End If
would also do the trick.
you would have to edit the rest of the pages to have False and True instead of the "true" and "false".
-Dorbian
-
Oct 10th, 2005, 11:47 AM
#3
Thread Starter
Frenzied Member
Re: Problems with session
Hi
Even after making these changes, I can still access the protected pages after I "logout"...any ideas?
-
Oct 10th, 2005, 12:06 PM
#4
Thread Starter
Frenzied Member
Re: Problems with session
Solved! Disabled caching did the trick
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
Click Here to Expand Forum to Full Width
|