Solved

how to protect page display using cookies?

Posted on 2000-04-24
4
212 Views
Last Modified: 2006-11-17
Hi guys,

I have a login page, responselogin page and logout page. How can I do to delete cookies from my computer so that next time user cannot go to previous page without login the id and password even he/she press the previous button in their browser. This is very important to protect the page from unaouthorize user.

TQ
0
Comment
Question by:zamirjalil
  • 2
4 Comments
 
LVL 4

Expert Comment

by:fruey
ID: 2743092
Best thing to do is to disable cookies.

In IE - Internet Options.. Security... Custom
then disable cookies that are stored on your computer, and once-per-session cookies, OR
just disable stored cookies and close your browser fully before letting anyone else use it

In Netscape - Edit... Preferences.. Advanced and disable cookies.

You can also delete cookies by clearing your cache manually. Cookies are usually easy to find in Windows Explorer in your browser cache folder, and can be deleted manually.

From a programming point of view, if you want to write a cookie just for the session, so that it isn't stored on the computer, you can do this by not setting an expiry date. That way it will only last until the end of the session. You could give your user a dialog box like "Close your browser before anyone else uses the computer" as a security tip.
0
 

Expert Comment

by:deepaktyagi
ID: 2743229
you can do one thing when you go to the next page
<a href="javascript:locations.replace(your nextpage address)"></a>

This will not allow the user to go back by using back button.
This is for netscape.
0
 

Accepted Solution

by:
deepaktyagi earned 5 total points
ID: 2743230
you can do one thing when you go to the next page
<a href="javascript:locations.replace(your nextpage address)"></a>

This will not allow the user to go back by using back button.
This is for netscape.
0
 

Expert Comment

by:avidahake
ID: 2743246
you can check from which page he is accessing login page using
'Request.ServerVariables("HTTP_REFERER")
you can check like

if Request.ServerVariables("HTTP_REFERER") = "your password page's URL" then
    allow him to proceed
else
   redirect him to password page
end if

I think this will solve your problem


Avinash.
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Hello, all! I just recently started using Microsoft's IIS 7.5 within Windows 7, as I just downloaded and installed the 90 day trial of Windows 7. (Got to love Microsoft for allowing 90 days) The main reason for downloading and testing Windows 7 is t…
This demonstration started out as a follow up to some recently posted questions on the subject of logging in: http://www.experts-exchange.com/Programming/Languages/Scripting/JavaScript/Q_28634665.html and http://www.experts-exchange.com/Programming/…
This Micro Tutorial will teach you how to censor certain areas of your screen. The example in this video will show a little boy's face being blurred. This will be demonstrated using Adobe Premiere Pro CS6.
In this video I am going to show you how to back up and restore Office 365 mailboxes using CodeTwo Backup for Office 365. Learn more about the tool used in this video here: http://www.codetwo.com/backup-for-office-365/ (http://www.codetwo.com/ba…

896 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now