how to logout safely?

what are the important factors for a safe logout?

how to prevent leak out info when back page ?

 

What kind of logout system are you using? Do you set a cookie, and then clear it when someone clicks logout?

 

first describe the login process and then we'll help you with logout

 

paste the code. or even tell us about that.


btw, logging out is like when user clicks on logout

click on logout > redirected to an other page > redirect to another page after clearing all the cookies or setting cookies variables.


what you say?

 

First of all I would hope you are using sessions for your login system as opposed to cookies. If you are then all you need to do is simply clear the session variable(s).

example:

<%
Session.Contents.Remove("user_id")
Session.Contents.Remove("username")
Response.Redirect("logged_out.asp")
%>

 

Invoking the Session.Contents.Remove method will delete the items from the session, but the session is still active until it times out or is explicitly destroyed using the Session.Abandon method. Just a thought.