Security

I am using VB.NET and the application is a web app. I am trying to secure my website. When the User logs in from the Login Page and enters his account, then signs out, so after signing out the user gets back to the Login Page. So now the user shouldnt be able to enter the account by clicking the back button on the browser...How do I restrict the user to do that?


LVL 4
Moizsaif123Asked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Michel PlungjanIT ExpertCommented:
1. expire the pages from cache using cache control
or
2. open a new session in a new window and close the window when signing out
or
3. always use location.replace(newurl) to replace the current page in history and replace with the login page when signing out

Other than that I have no suugestions not knowing .net at all
0
Moizsaif123Author Commented:
I'm Interested in all points but what does 3). do again...and how do I start doing it?

Moiz  
0
Michel PlungjanIT ExpertCommented:
1. first

<form action="login" target="_blank">

2. on all the next pages use
<a href="page2.html" onClick="location.replace(this.href); return false">Page2</a>

and all foreign links open in new windows too

Michel
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Big Business Goals? Which KPIs Will Help You

The most successful MSPs rely on metrics – known as key performance indicators (KPIs) – for making informed decisions that help their businesses thrive, rather than just survive. This eBook provides an overview of the most important KPIs used by top MSPs.

Moizsaif123Author Commented:
     I think you have answered my question, tho instead of using a link I want the 'SignOut' to be a Button control. Below is this Button control in Html code, How do I redirect the onclick of this button to the Login.aspx Page?

and will it work the same way as the link does?

<INPUT id="Submit1" onclick="location.replace(this.href); return false" style="Z-INDEX: 101; LEFT: 121px; WIDTH: 122px; POSITION: absolute; TOP: 139px; HEIGHT: 25px" type="submit" value="Submit" name="Submit1" runat="server">



Moiz
0
Moizsaif123Author Commented:
I mean how do I make the Button control work the same way as the hyperlink does?



Moiz
0
Michel PlungjanIT ExpertCommented:
Sorry I do not understand the button
If you need the button to log out, that means you have a FORM whose ACTION is logging out
This button has a lot of garbage in it
and should PROBABLY look like this

<INPUT id="Submit1" style="Z-INDEX: 101; LEFT: 121px; WIDTH: 122px; POSITION: absolute; TOP: 139px; HEIGHT: 25px" type="submit" value="Submit" name="Submit1">

runat="server" is not something a button would have
ANd to have your button log out, you would simply have the logout script close the window when it returns
<body onLoad="window.close()">

Of course assuming your logon script opened a new window

0
Moizsaif123Author Commented:
Is it possible if you could send me a html coded page or two including a Login page and another random page with the Sign Out button, so I can see exactly wat yu mean, I would really appreciate it....... :), thanks....


Moiz
0
Michel PlungjanIT ExpertCommented:
<a href="login.asp" target="_blank">Login</a>




<form action="logout.asp">
<input type="submit" value="Logout">
</form>

and in logout.asp:

<script>
window.close()
</script>
0
Moizsaif123Author Commented:
So let me get the concept straight, say there are two pages....
Page A( Login Page), Page B(Random Page), then when the user clicks on the link in Page A then opens a new window which Page B. then user clicks on the sign out button in Page B and closes the window,so the user closes Page B. is that right?


0
Michel PlungjanIT ExpertCommented:
Hmm,

I have a link in the welcome page. It opens a new browser window with a loginform:
<a href="login.asp" target="_blank">Login</a>

login.asp is your pageA

then when you want the user to leave, you show

<form action="logout.asp">
<input type="submit" value="Logout">
</form>
to clean up or simply

<form>
<input type="button" value="Logout" onClick="window.close()">
</form>

if you do not need to tell the server the user left.
0
Michel PlungjanIT ExpertCommented:
if you use

<form action="logout.asp">
<input type="submit" value="Logout">
</form>

then logout.asp simply returns

<script>
window.close()
</script>

to the user
0
Moizsaif123Author Commented:
Got it!, umm for this link,
<a href="login.asp" target="_blank">Login</a>

I have to fill in VB code in the back, for that I want to use a button control, a web form button control. so I want the Button to act the same way as the link but also read the vb code in the back.Is that possible?




0
Michel PlungjanIT ExpertCommented:
<form action="login.asp" target="_blank">
<input name="something" type="hidden" value="<%= whatever %>">
<input type="submit" value="Login">
</form>
0
Moizsaif123Author Commented:
but what if i want a button to act independently of another buttons on the form. I mean if I have another button on the form and do someother function and not open a new window but this one button will open a new window.... below
<input type="submit" value="Login">
0
Michel PlungjanIT ExpertCommented:
<input type="button" value="Login" onClick="window.open('login.asp','_blank')">
0
Moizsaif123Author Commented:
Hey this link yuv given me,

<a href="page2.html" onClick="location.replace(this.href); return false">Page2</a>

this works on links,  but when i put this

<input type="button" value="Login" onClick="location.replace(this.href); return false">

it blows saying...

BC30456: 'location' is not a member of 'ASP.Pri_PtnIns_aspx'.


 how do i make it work on a button control

0
Michel PlungjanIT ExpertCommented:
this.href is the link's href

<input type="button" value="Login" onClick="location.replace('page2.html')">

you cannot just swap one control for another

0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Programming

From novice to tech pro — start learning today.