?
Solved

How to control the users access when they go out of application!

Posted on 2003-03-26
10
Medium Priority
?
183 Views
Last Modified: 2006-11-17
I have an asp application. I want to control the users access when they go out of the application, ie. if they browse some web site after they login to the application, www.yahoo.com, and tries to come back, using back button,  to application, it has to point to login screen instead of allowing to previous page.
0
Comment
Question by:bdsign
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
10 Comments
 
LVL 4

Expert Comment

by:Binary1
ID: 8214301
One way would be to expire each of your pages, which prevents the user from using the BACK button to any of the pages on your site and then incorporate hidden POST data that is passed between each of your pages. If a page request is received and the hidden form value is not there you can then redirect them to the login page.

To prevent the user from manually entering the URL, including the field/value you will also need to check to see if the request method was a GET or POST. Manually entering the field/value would register as a GET method. The request object should include a way to determine the request method.

This would require you use POST methods for every link which may not be feasible.
0
 

Expert Comment

by:vthoang
ID: 8214378
if you expire cache, the server will mimic the post exactly the same way you did the first time, you'll need to add incremental logic to see if the counter is a repeat.

otherwise go complete opposite and make sure pages don't expire.
keep data in a hidden form parameter and detect if the data is saved.  browsers will try to restore the saved data when people uses back and bingo..

here's an exerpt with someone getting this to work..
http://www.faqts.com/knowledge_base/view.phtml/aid/8169/fid/53
0
 
LVL 4

Expert Comment

by:anderson22
ID: 8215422
Depending on how serious you are about this, here is one solution:

For every link include an onclick=function().
For every page include an onload=checkstate() and onunload=updatestate().

This function will populate a textbox in a form visible but maybe outside the viewing area (i'll explain in a minute).

Whenever the function() executes, you should populate the textbox with something like a "Y".  The link still gets executed along with the function so the page navigates.  Also, the updatestate() function gets executed everytime a page changes.  You want this function to set the value of the textbox to "N" only when the value is not "Y".

The checkstate() function will run on every page load (the first hit, the second hit via back button, etc.).  This function will check the textbox for a value of "Y" or "".  If this is true do nothing, allow the page to load but reset the value of the textbox to "".  Otherwise, redirect to your login page.

When the user hits their back button only certain objects are cached by default in IE and NS.  Textboxes will keep their last text when the page was changed.  The trick is to make the textbox (not hidden) appear on the page but somewhere that the users won't see or interact with.  I have typically located this inside a floating layer which is set to hidden.  The textbox itself is visible so the cacheing scheme utilized by IE and NS will remain intact.

-rca
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 12

Expert Comment

by:Dean OBrien
ID: 8217048
Have your ASP login page open up in a new defined window (location, address bar disabled etc).  Then use session("Permission") variable to allow people access [i.e. if login is successfull asign = 'YES'].  

Then at the begining of each ASP page use "If session("Permission") = 'Yes'"  to control access. This way with the address bar missing the user can not go to yahoo then back.   The only way to go to yahoo is to close the window (thus closing the session, only way back through login), and open a new browser.

Might have missed something, but if not this is quite a simple approach.

Easynow
0
 
LVL 4

Expert Comment

by:anderson22
ID: 8217592
easynow111, unless the user presses Ctrl + N and then changes the URL.

-rca
0
 
LVL 4

Expert Comment

by:anderson22
ID: 8217593
- OR -
Alt + N in Netscape.

-rca
0
 
LVL 12

Expert Comment

by:Dean OBrien
ID: 8217731
valid point, did seem a little too easy!
0
 

Accepted Solution

by:
CetusMOD earned 0 total points
ID: 10742892
PAQed - no points refunded (of 50)

CetusMOD
Community Support Moderator
0

Featured Post

VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Today, the web development industry is booming, and many people consider it to be their vocation. The question you may be asking yourself is – how do I become a web developer?
Q&A with Course Creator, Mark Lassoff, on the importance of HTML5 in the career of a modern-day developer.
This video teaches users how to migrate an existing Wordpress website to a new domain.
Learn how to create flexible layouts using relative units in CSS.  New relative units added in CSS3 include vw(viewports width), vh(viewports height), vmin(minimum of viewports height and width), and vmax (maximum of viewports height and width).
Suggested Courses

771 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question