Solved

Session.Abandon not working properly

Posted on 1998-07-27
4
163 Views
Last Modified: 2013-12-25
Hi,
I have a problem. In the ASP page, i Give Session.Abandon at the end using VB Script. When i type someother location and then come back, the page is automatically loaded without asking the security password. I have disabled the Anonymous authentication and defined various users in NT Security. What could be the problem?
0
Comment
Question by:kbk
  • 2
  • 2
4 Comments
 
LVL 28

Accepted Solution

by:
sybe earned 100 total points
ID: 1858713
Session.abandon will destroy all ASP-sessionvariables, but it will not destroy NT-authentication. NT-authentication has nothing to do with ASP.

You can force the NT inlog dialogue in ASP with

<%
Response.Status = "401 Unauthorized"
%>



0
 

Author Comment

by:kbk
ID: 1858714
Is there a programmatic way to logoff from a NT server connection from an ASP script? We tried Response.Status(401, "Unauthorised") followed by Response.End. But, Status(401) allows the user to <CANCELl> the logon dialog box which allows him to still be logged on to the NT system and the user is able to load other ASP pages. Only when the user types an invalid user\password and clicks <OK> does the browser logoffs from the NT system and throws up its own logon dialog box and now if user clicks <CANCEL> HTTP error 401 is displayed by the browser.


0
 

Author Comment

by:kbk
ID: 1858715
Is there a programmatic way to logoff from a NT server connection from an ASP script? We tried Response.Status(401, "Unauthorised") followed by Response.End. But, Status(401) allows the user to <CANCELl> the logon dialog box which allows him to still be logged on to the NT system and the user is able to load other ASP pages. Only when the user types an invalid user\password and clicks <OK> does the browser logoffs from the NT system and throws up its own logon dialog box and now if user clicks <CANCEL> HTTP error 401 is displayed by the browser.


0
 
LVL 28

Expert Comment

by:sybe
ID: 1858716
The username/password is stored by the browser. It will be removed when you close the browser. There might be a way using ASP/CGI to interact with that, but for that you will have to edit something on the clients computer using a script. If you find that, it is a nice security hole :).

Why exactly do you want this ? If you want to prevent other people using your PC to make use of your passwords, you'll have to close the browser.



0

Featured Post

Master Your Team's Linux and Cloud Stack

Come see why top tech companies like Mailchimp and Media Temple use Linux Academy to build their employee training programs.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Learn by example how to specify CSS selectors for Selenium WebDriver test automation software.
Developer portfolios can be a bit of an enigma—how do you present yourself to employers without burying them in lines of code?  A modern portfolio is more than just work samples, it’s also a statement of how you work.
The viewer will learn how to look for a specific file type in a local or remote server directory using PHP.
Any person in technology especially those working for big companies should at least know about the basics of web accessibility. Believe it or not there are even laws in place that require businesses to provide such means for the disabled and aging p…

772 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question