How do you prevent a user who doesn't log off a site from backing into the site if they leave it? Say for example a person logs into www.whatever.com but they don't log off; they instead type www.msn.com into the browser. Once they are on MSN they decide to hit the back button to get back to whatever.com, the actually logged-in account. How do I prevent them from doing so, and if they try to back into the site it tells them to log on again? Is this possible? I need help, new to ASP.
You'll need to tell us how you keep the session for logged-in users. Is it just a session or a cookie, or something else?
Here's the code to be exact:
<%
Dim objConn
Set objConn = Server.CreateObject("ADODB.Connection")
objConn.open dsn   ' dsn is defined elsewhere (not shown in this post)

' Re-validate a session that is flagged valid but has no Admin_ID stored
If Session("blnValidUser") = True and Session("Admin_ID") = "" Then
    Dim rsPersonIDCheck
    Set rsPersonIDCheck = Server.CreateObject("ADODB.Recordset")
    Dim strSQL
    strSQL = "SELECT * FROM Settings WHERE Admin_ID = '" & Session("Admin_ID") & "';"
    rsPersonIDCheck.Open strSQL, objConn
    If rsPersonIDCheck.EOF Then
        Session("blnValidUser") = False
    Else
        Session("Admin_ID") = rsPersonIDCheck("Admin_ID")
    End If
    rsPersonIDCheck.Close
    Set rsPersonIDCheck = Nothing
End If

Dim strID, strPassword
strID = Request("Admin_ID")
strPassword = Request("Password")

' Look up the submitted Admin_ID. The value comes straight from the request,
' so it is bound as a parameter instead of being concatenated into the SQL.
Dim cmdUsers, rsUsers
Set cmdUsers = Server.CreateObject("ADODB.Command")
Set cmdUsers.ActiveConnection = objConn
cmdUsers.CommandText = "SELECT * FROM Settings WHERE Admin_ID = ?"
' 200 = adVarChar, 1 = adParamInput; 255 is an assumed maximum length
cmdUsers.Parameters.Append cmdUsers.CreateParameter("Admin_ID", 200, 1, 255, strID & "")
Set rsUsers = cmdUsers.Execute

If rsUsers.EOF Then
    ' Unknown Admin_ID: back to the login page
    Session("Admin_ID") = Request("Admin_ID")
    Response.Redirect "default.asp?SecondTry=True"
Else
    While Not rsUsers.EOF
        If UCase(rsUsers("Admin_Pass")) = UCase(strPassword) Then
            ' Password matches: mark the session as logged in
            Session("Admin_ID") = rsUsers("Admin_ID")
            Session("isLoggedIn") = True
            Session("blnValidUser") = True
            Response.Redirect "main.asp"
        Else
            rsUsers.MoveNext
        End If
    Wend
    ' No row matched the password
    Session("Admin_ID") = Request("Admin_ID")
    Response.Redirect "default.asp?SecondTry=True&WrongPW=True"
End If
%>
You could put the site in a frameset and then have an onUnload procedure on the frameset to destroy the session. Think it would work. Then again who wants a frameset nowadays. All the best. FBJ
I don't understand. The site is my site (www.whatever.com/default.asp). If a user is on the site at that location, they can type www.yahoo.com into the address bar. It's right there that I don't want them to be able to hit the back button and be right back at www.whatever.com/default.asp. I want to find out how to make them have to log back into the site again. You mentioned using Session("Admin_ID") = "", but I don't really know how to put it into code since I'm new to ASP. What exactly do I put inside the code to make them have to log back in, if they leave the site without logging out?
Put this code with the modification to the domain name and the numbers (count the chars in the domain)
--------------------------------
strURLIn = Request.ServerVariables("HTTP_REFERER")
if strURLIn <> "" AND left(strURLIn, 23)<>"http://www.whatever.com" AND left(strURLIn, 19)<>"http://whatever.com" then
    Session("Admin_ID") = ""
end if
--------------------------------
Only thing is - referrers actually work a little bit differently than that. Request.ServerVariables("HTTP_REFERER") tracks direct clicks to a page, not back-button activity. I.e. a user goes to google, then searches for "panties", goes to panties-rock-my-world.com, then decides that panties-rock-my-world.com is just too darned expensive, decides instead to go directly to Wal-mart's website, types walmart.com into their address bar, decides wal-mart's panties are all too gosh darned fug-ly, and hits their back button to go back to panties-rock-my-world.com: the referrer is still google.com, or else you'd be getting a lot of strange, unexplainable referrers in your stats trackers. Usually in my stats trackers, each of my referrers makes sense. I know this doesn't help you, hflorez, but honestly I'm not sure I have an alternative. I think even your session ID on Windows server will stay the same. I'm at a loss on this one. VG
It's still not working. I tried the following as you suggested:
<%
strURLIn = Request.ServerVariables("HTTP_REFERER")
if strURLIn <> "" AND left(strURLIn, 41)<>"http://www.floreztech.com/CHA/default.asp" AND left(strURLIn, 37)<>"http://floreztech.com/CHA/default.asp" then
    Session("Admin_ID") = ""
end if
%>
As soon as I log into the site, I am on a page called http://floreztech.com/CHA/test.asp. While I'm on the page, I type www.espn.com into the address bar. It then takes me to www.espn.com. When I hit the back button, I am sent right back to http://floreztech.com/CHA/test.asp, and I don't want that. I want my session to end as soon as I leave the site. In this case, I want them to hit the back button and not be able to access test.asp; I want them to log back in at http://floreztech.com/CHA/default.asp as soon as they hit the back button. Basically, for example, if someone was at a university and they leave the browser up after they leave, I don't want another student to hit the back button and be logged into the site still, since the previous student forgot to log off or close the browser. Can ASP even do that? I thought so.
Sorry, one more thing, but if ASP can't do that, is there something I can incorporate inside the ASP page?
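Added example, not part of any post in this thread: a guard for the protected pages (test.asp, main.asp) that forbids caching, so Back re-requests the page from the server, and checks the `Session("isLoggedIn")` flag set by the login script above. The file name guard.asp, the `LastSeen` session key and the 300-second idle limit are assumptions made for the illustration.

```asp
<%
' guard.asp (hypothetical file name): include as the first thing in every
' protected page, before any HTML is written.
Const IDLE_LIMIT_SECONDS = 300   ' assumed value; pick what suits the site

Response.Buffer = True

' 1. Forbid caching so that Back re-requests the page from the server
'    instead of redisplaying a stored copy.
Response.Expires = -1
Response.CacheControl = "no-store, no-cache, must-revalidate"
Response.AddHeader "Pragma", "no-cache"

' 2. End the session server-side once it has been idle too long. The server
'    never sees the user typing another address, so an idle limit is the
'    closest it can get to "ended when they left".
Dim blnExpired
blnExpired = False
If IsDate(Session("LastSeen")) Then
    If DateDiff("s", Session("LastSeen"), Now()) > IDLE_LIMIT_SECONDS Then
        blnExpired = True
    End If
End If

' 3. Require the flag that the login script sets on success.
If blnExpired Or Session("isLoggedIn") <> True Then
    Session.Abandon
    Response.Redirect "default.asp"
End If

' Still logged in and active: record this request as the latest activity.
Session("LastSeen") = Now()
%>
```

Within the idle limit the session is still valid, so Back re-renders the page as logged in; a logout link that calls `Session.Abandon` and a short limit cover the shared-computer case described above.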
Contact my friend Ariel at www.ayesolutions.org. He is an asp genius. He will know exactly what to do. Regards, Col
Thanks for the interesting article, mano - whether or not it works for him I guess we'll have to see - but it's definitely worth a read IMHO. vg