Solved

Session.Abandon not working properly

Posted on 1998-07-27
4
169 Views
Last Modified: 2013-12-25
Hi,
I have a problem. In the ASP page, i Give Session.Abandon at the end using VB Script. When i type someother location and then come back, the page is automatically loaded without asking the security password. I have disabled the Anonymous authentication and defined various users in NT Security. What could be the problem?
0
Comment
Question by:kbk
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
4 Comments
 
LVL 28

Accepted Solution

by:
sybe earned 100 total points
ID: 1858713
Session.abandon will destroy all ASP-sessionvariables, but it will not destroy NT-authentication. NT-authentication has nothing to do with ASP.

You can force the NT inlog dialogue in ASP with

<%
Response.Status = "401 Unauthorized"
%>



0
 

Author Comment

by:kbk
ID: 1858714
Is there a programmatic way to logoff from a NT server connection from an ASP script? We tried Response.Status(401, "Unauthorised") followed by Response.End. But, Status(401) allows the user to <CANCELl> the logon dialog box which allows him to still be logged on to the NT system and the user is able to load other ASP pages. Only when the user types an invalid user\password and clicks <OK> does the browser logoffs from the NT system and throws up its own logon dialog box and now if user clicks <CANCEL> HTTP error 401 is displayed by the browser.


0
 

Author Comment

by:kbk
ID: 1858715
Is there a programmatic way to logoff from a NT server connection from an ASP script? We tried Response.Status(401, "Unauthorised") followed by Response.End. But, Status(401) allows the user to <CANCELl> the logon dialog box which allows him to still be logged on to the NT system and the user is able to load other ASP pages. Only when the user types an invalid user\password and clicks <OK> does the browser logoffs from the NT system and throws up its own logon dialog box and now if user clicks <CANCEL> HTTP error 401 is displayed by the browser.


0
 
LVL 28

Expert Comment

by:sybe
ID: 1858716
The username/password is stored by the browser. It will be removed when you close the browser. There might be a way using ASP/CGI to interact with that, but for that you will have to edit something on the clients computer using a script. If you find that, it is a nice security hole :).

Why exactly do you want this ? If you want to prevent other people using your PC to make use of your passwords, you'll have to close the browser.



0

Featured Post

Transaction Monitoring Vs. Real User Monitoring

Synthetic Transaction Monitoring Vs. Real User Monitoring: When To Use Each Approach? In this article, we will discuss two major monitoring approaches: Synthetic Transaction and Real User Monitoring.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Today, the web development industry is booming, and many people consider it to be their vocation. The question you may be asking yourself is – how do I become a web developer?
When it comes to security, close monitoring is a must. According to WhiteHat Security annual report, a substantial number of all web applications are vulnerable always. Monitis offers a new product - fully-featured Website security monitoring and pr…
This video teaches users how to migrate an existing Wordpress website to a new domain.
The viewer will learn how to dynamically set the form action using jQuery.

717 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question