Solved

how to protect page display using cookies?

Posted on 2000-04-24
4
213 Views
Last Modified: 2006-11-17
Hi guys,

I have a login page, responselogin page and logout page. How can I do to delete cookies from my computer so that next time user cannot go to previous page without login the id and password even he/she press the previous button in their browser. This is very important to protect the page from unaouthorize user.

TQ
0
Comment
Question by:zamirjalil
  • 2
4 Comments
 
LVL 4

Expert Comment

by:fruey
ID: 2743092
Best thing to do is to disable cookies.

In IE - Internet Options.. Security... Custom
then disable cookies that are stored on your computer, and once-per-session cookies, OR
just disable stored cookies and close your browser fully before letting anyone else use it

In Netscape - Edit... Preferences.. Advanced and disable cookies.

You can also delete cookies by clearing your cache manually. Cookies are usually easy to find in Windows Explorer in your browser cache folder, and can be deleted manually.

From a programming point of view, if you want to write a cookie just for the session, so that it isn't stored on the computer, you can do this by not setting an expiry date. That way it will only last until the end of the session. You could give your user a dialog box like "Close your browser before anyone else uses the computer" as a security tip.
0
 

Expert Comment

by:deepaktyagi
ID: 2743229
you can do one thing when you go to the next page
<a href="javascript:locations.replace(your nextpage address)"></a>

This will not allow the user to go back by using back button.
This is for netscape.
0
 

Accepted Solution

by:
deepaktyagi earned 5 total points
ID: 2743230
you can do one thing when you go to the next page
<a href="javascript:locations.replace(your nextpage address)"></a>

This will not allow the user to go back by using back button.
This is for netscape.
0
 

Expert Comment

by:avidahake
ID: 2743246
you can check from which page he is accessing login page using
'Request.ServerVariables("HTTP_REFERER")
you can check like

if Request.ServerVariables("HTTP_REFERER") = "your password page's URL" then
    allow him to proceed
else
   redirect him to password page
end if

I think this will solve your problem


Avinash.
0

Featured Post

Courses: Start Training Online With Pros, Today

Brush up on the basics or master the advanced techniques required to earn essential industry certifications, with Courses. Enroll in a course and start learning today. Training topics range from Android App Dev to the Xen Virtualization Platform.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Have you ever needed to get an ASP script to wait for a while? I have, just to let something else happen. Or in my case, to allow other stuff to happen while I was murdering my MySQL database with an update. The Original Issue This was written…
This demonstration started out as a follow up to some recently posted questions on the subject of logging in: http://www.experts-exchange.com/Programming/Languages/Scripting/JavaScript/Q_28634665.html and http://www.experts-exchange.com/Programming/…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
Established in 1997, Technology Architects has become one of the most reputable technology solutions companies in the country. TA have been providing businesses with cost effective state-of-the-art solutions and unparalleled service that is designed…

776 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question