Solved

how to protect page display using cookies?

Posted on 2000-04-24
4
211 Views
Last Modified: 2006-11-17
Hi guys,

I have a login page, responselogin page and logout page. How can I do to delete cookies from my computer so that next time user cannot go to previous page without login the id and password even he/she press the previous button in their browser. This is very important to protect the page from unaouthorize user.

TQ
0
Comment
Question by:zamirjalil
  • 2
4 Comments
 
LVL 4

Expert Comment

by:fruey
ID: 2743092
Best thing to do is to disable cookies.

In IE - Internet Options.. Security... Custom
then disable cookies that are stored on your computer, and once-per-session cookies, OR
just disable stored cookies and close your browser fully before letting anyone else use it

In Netscape - Edit... Preferences.. Advanced and disable cookies.

You can also delete cookies by clearing your cache manually. Cookies are usually easy to find in Windows Explorer in your browser cache folder, and can be deleted manually.

From a programming point of view, if you want to write a cookie just for the session, so that it isn't stored on the computer, you can do this by not setting an expiry date. That way it will only last until the end of the session. You could give your user a dialog box like "Close your browser before anyone else uses the computer" as a security tip.
0
 

Expert Comment

by:deepaktyagi
ID: 2743229
you can do one thing when you go to the next page
<a href="javascript:locations.replace(your nextpage address)"></a>

This will not allow the user to go back by using back button.
This is for netscape.
0
 

Accepted Solution

by:
deepaktyagi earned 5 total points
ID: 2743230
you can do one thing when you go to the next page
<a href="javascript:locations.replace(your nextpage address)"></a>

This will not allow the user to go back by using back button.
This is for netscape.
0
 

Expert Comment

by:avidahake
ID: 2743246
you can check from which page he is accessing login page using
'Request.ServerVariables("HTTP_REFERER")
you can check like

if Request.ServerVariables("HTTP_REFERER") = "your password page's URL" then
    allow him to proceed
else
   redirect him to password page
end if

I think this will solve your problem


Avinash.
0

Featured Post

Do You Know the 4 Main Threat Actor Types?

Do you know the main threat actor types? Most attackers fall into one of four categories, each with their own favored tactics, techniques, and procedures.

Join & Write a Comment

Suggested Solutions

I would like to start this tip/trick by saying Thank You, to all who said that this could not be done, as it forced me to make sure that it could be accomplished. :) To start, I want to make sure everyone understands the importance of utilizing p…
I was asked about the differences between classic ASP and ASP.NET, so let me put them down here, for reference: Let's make the introductions... Classic ASP was launched by Microsoft in 1998 and dynamically generate web pages upon user interact…
This video shows how to remove a single email address from the Outlook 2010 Auto Suggestion memory. NOTE: For Outlook 2016 and 2013 perform the exact same steps. Open a new email: Click the New email button in Outlook. Start typing the address: …
You have products, that come in variants and want to set different prices for them? Watch this micro tutorial that describes how to configure prices for Magento super attributes. Assigning simple products to configurable: We assigned simple products…

747 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now