Prevent backing into a site once you leave it, using ASP

How do you prevent a user who doesnt log off a site from backing into a site if they leave it. Say for example a person logs into www.whatever.com but they dont log off, they instead type www.msn.com into the browser. Once they are on MSN they decide to hit the back button to get back to whatever.com, the actually logged in account. How do i prevent them from doing so, and if they try to back into the site it tells them to log on again? Is this possible? I need help, new to ASP.

 

you'll need to tell us how you keep the session for logged in users, is it just a session or a cookie??? or something else

 

No cookie, just a session

 

Heres the code to be exact:


<%
Dim objConn
Set objConn = Server.CreateObject("ADODB.Connection")
objConn.open dsn

If Session("blnValidUser") = True and Session("Admin_ID") = "" Then
Dim rsPersonIDCheck
Set rsPersonIDCheck = Server.CreateObject("ADODB.Recordset")
Dim strSQL
strSQL = "SELECT * FROM Settings WHERE Admin_ID = '" & Session("Admin_ID") & "';"
rsPersonIDCheck.Open strSQL, objConn
If rsPersonIDCheck.EOF Then
Session("blnValidUser") = False
Else
Session("Admin_ID") = rsPersonIDCheck("Admin_ID")
End If
rsPersonIDCheck.Close
Set rsPersonIDCheck = Nothing
End If


Dim strID, strPassword
strID = Request("Admin_ID")
strPassword = Request("Password")

Dim rsUsers
set rsUsers = Server.CreateObject("ADODB.Recordset")
strSQL = "SELECT * FROM Settings WHERE Admin_ID = '" & strID & "';"
rsUsers.Open strSQL, objConn

If rsUsers.EOF Then
Session("Admin_ID") = Request("Admin_ID")
Response.Redirect "default.asp?SecondTry=True"
Else
While Not rsUsers.EOF
If UCase(rsUsers("Admin_Pass")) = UCase(strPassword) Then
Session("Admin_ID") = rsUsers("Admin_ID")
Session("isLoggedIn") = True
Session("blnValidUser") = True
Response.Redirect "main.asp"
Else
rsUsers.MoveNext
End If
Wend
Session("Admin_ID") = Request("Admin_ID")
Response.Redirect "default.asp?SecondTry=True&WrongPW=True"
End If
%>

 

You could put the site in a frameset and then have an onUnload procedure on the frameset to destroy the session. Think it would work.

Then again who wants a frameset nowadays.

All the best.

FBJ

 

chack the referer, if its not your site then Session("Admin_ID") = ""

 

I dont understand. The site is my site, (www.whatever.com/default.asp) If a user is on the site at that location, they can type www.yahoo.com into the address bar. Its right there, that I dont want them to be able to hit the back button, and be right back at www.whatever.com/default.asp. I want to find out how to make them have to log back into the site again. You mentioned using Session("Admin_ID") = "", but I dont really know how to put it into code since Im new to ASP. What exactly do I put inside the code to make them have to log back in, if they leave the site without logging out?

 

Put this code with the modification to the domain name and the numbers (count the chars in the domain)
--------------------------------
strURLIn = Request.ServerVariables("HTTP_REFERER")
if strURLIn <> "" AND left(strURLIn, 23)<>"http://www.whatever.com" AND left(strURLIn, 19)<>"http://whatever.com" then
Session("Admin_ID") = ""
end if
--------------------------------

 

only thing is - referrers actually work a little bit differently than that. Request.ServerVariables("HTTP_REFERER") tracks direct clicks to a page, not back-button activity.

i.e. user goes to google, then searches for "panties", goes to panties-rock-my-world.com, then decides that panties-rock-my-world.com is just too darned expensive, decides instead to go directly to Wal-mart's website, types in walmart.com into their address bar, decides wal-mart's panties are all too gosh darned fug-ly, hits their back button to go back to panties-rock-my-world.com, the referrer is still google.com, or else you'd be getting alot of strange, unexplainable referrers in your stats trackers. Usually in my stats trackers, each of my referrers make sense.

I know this doesn't help you, hflorez, but honestly i'm not sure i have an alternative. I think even your session ID on windows server will stay the same. i'm at a loss on this one.

VG

 

Its still not working. I tried the following as you suggest:

<%strURLIn = Request.ServerVariables("HTTP_REFERER")
if strURLIn <> "" AND left(strURLIn, 41)<>"http://www.floreztech.com/CHA/default.asp" AND left(strURLIn, 37)<>"http://floreztech.com/CHA/default.asp" then
Session("Admin_ID") = ""
end if%>

As soon as I login into the site, I am on a page called http://floreztech.com/CHA/test.asp. While Im on the page, I type in www.espn.com into the address bar. It then takes me to www.espn.com. When I hit the back button, I am sent right back to http://floreztech.com/CHA/test.asp, and I dont want that. I want my session to end as soon as I leave the site. In this case, I want them to hit the back button, and not be able to access test.asp, I want them to log back in at http://floreztech.com/CHA/default.asp as soon as they hit the back button. Basicly for example if someone was at a university, and they leave the browswer up after they leave, I dont want another student to hit the back button, and be logged into the site still, since the previous student forget to log off or close the browser. Can ASP even do that? I thought so

 

Sorry, one more thing, but if ASP cant do that, is there something I can incorporate inside the ASP page?

 

Contact my friend Ariel at www.ayesolutions.org. He is an asp genius. He will know exactly what to do.

Regards,

Col

 

Have you tested this:
http://www.4guysfromrolla.com/webtech/111500-1.shtml

 

thanks for the interesting article mano - whether or not it works i guess for him i guess we'll have to see - but it's definitely worth a read IMHO

vg