bdsign


How to control the users' access when they go out of application!

I have an ASP application. I want to control the users' access when they go out of the application, i.e. if they browse some web site after they log in to the application, www.yahoo.com, and try to come back to the application using the back button, it has to point to the login screen instead of allowing the previous page.
Binary1

One way would be to expire each of your pages, which prevents the user from using the BACK button to any of the pages on your site and then incorporate hidden POST data that is passed between each of your pages. If a page request is received and the hidden form value is not there you can then redirect them to the login page.

To prevent the user from manually entering the URL, including the field/value you will also need to check to see if the request method was a GET or POST. Manually entering the field/value would register as a GET method. The request object should include a way to determine the request method.

This would require you to use POST methods for every link, which may not be feasible.

If you expire cache, the server will mimic the post exactly the same way you did the first time; you'll need to add incremental logic to see if the counter is a repeat.

Otherwise go complete opposite and make sure pages don't expire.
Keep data in a hidden form parameter and detect if the data is saved. Browsers will try to restore the saved data when people use Back, and bingo.

Here's an excerpt with someone getting this to work:
http://www.faqts.com/knowledge_base/view.phtml/aid/8169/fid/53

Depending on how serious you are about this, here is one solution:

For every link include an onclick=function().
For every page include an onload=checkstate() and onunload=updatestate().

This function will populate a textbox in a form visible but maybe outside the viewing area (I'll explain in a minute).

Whenever the function() executes, you should populate the textbox with something like a "Y". The link still gets executed along with the function so the page navigates. Also, the updatestate() function gets executed every time a page changes. You want this function to set the value of the textbox to "N" only when the value is not "Y".

The checkstate() function will run on every page load (the first hit, the second hit via back button, etc.). This function will check the textbox for a value of "Y" or "". If this is true do nothing, allow the page to load but reset the value of the textbox to "". Otherwise, redirect to your login page.

When the user hits their back button only certain objects are cached by default in IE and NS. Textboxes will keep their last text when the page was changed. The trick is to make the textbox (not hidden) appear on the page but somewhere that the users won't see or interact with. I have typically located this inside a floating layer which is set to hidden. The textbox itself is visible so the caching scheme utilized by IE and NS will remain intact.

-rca
Dean OBrien

Have your ASP login page open up in a new defined window (location, address bar disabled etc). Then use session("Permission") variable to allow people access [i.e. if login is successful assign = 'YES'].

Then at the beginning of each ASP page use "If session("Permission") = 'Yes'" to control access. This way with the address bar missing the user cannot go to yahoo then back. The only way to go to yahoo is to close the window (thus closing the session, only way back through login), and open a new browser.

Might have missed something, but if not this is quite a simple approach.

Easynow
easynow111, unless the user presses Ctrl + N and then changes the URL.

-rca
- OR -
Alt + N in Netscape.

-rca
valid point, did seem a little too easy!
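
The server-side checks discussed in this thread (page expiry, a hidden POST value, the request-method test, a repeat check and the session("Permission") gate) can be combined in one include file. This is an added example, not code from any poster; the file names guard.asp and login.asp, the field name tok and the helpers NewToken, Deny and TokenField are assumptions.

```asp
<%
' guard.asp (hypothetical name). Include before any output on every protected page:
'   <!--#include file="guard.asp"-->
' Assumptions: after a successful login, login.asp sets Session("Permission") = "YES"
' and Session("PageToken") = NewToken(), then shows a form that POSTs that token
' to the first page. All in-app navigation uses POST forms containing TokenField().

' Returns the 36-character GUID text from the Scriptlet.TypeLib COM object.
' It only marks "the page we last served"; the session cookie stays the credential.
Function NewToken()
    Dim g
    g = CreateObject("Scriptlet.TypeLib").Guid
    NewToken = Mid(g, 2, 36)   ' drop the leading brace and trailing characters
End Function

' Ends the session and sends the browser to the login page.
' Response.Redirect stops execution, so nothing below a Deny call runs.
Sub Deny()
    Session.Abandon
    Response.Redirect "login.asp"
End Sub

' Hidden field each page places inside its navigation forms.
Function TokenField()
    TokenField = "<input type=""hidden"" name=""tok"" value=""" & _
                 Session("PageToken") & """>"
End Function

' 1. Expire the page so Back causes a new request instead of showing a cached copy.
Response.Expires = -1
Response.CacheControl = "no-cache, no-store, must-revalidate"
Response.AddHeader "Pragma", "no-cache"

' 2. Session gate: never logged in, or the session has timed out.
If Session("Permission") <> "YES" Then Deny

' 3. A URL typed into the address bar arrives as GET, so only POST is accepted.
If Request.ServerVariables("REQUEST_METHOD") <> "POST" Then Deny

' 4. Repeat check: the posted token must equal the one issued with the last page.
'    A form re-sent after Back carries a token that was already used.
If Request.Form("tok") = "" Or Request.Form("tok") <> Session("PageToken") Then Deny

' 5. Rotate: the token just used is retired and this page gets a fresh one.
Session("PageToken") = NewToken()
%>
```

Because every decision is made from session state on the server, the gate behaves the same whether the request comes from the original window or from one opened with Ctrl + N.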