Solved

Problem with "Logout" in ASP.NET

Posted on 2010-09-03
1
554 Views
Last Modified: 2012-06-27
I'm having problem with LOGOUT in ASP.NET.

When I click on LOGOUT button it goes to Login Page but if I click on back button on my browser, it redirects to previous page and I can access all the pages.

How can I end the session so that even if I click back button, it'll go to login page?

I'm using Visual Studio 2008, C#.
Logout
----------

public partial class Logout : System.Web.UI.Page
    {
        protected void Page_Load(object sender, EventArgs e)
        {
            //Session.Clear();
            //Session.Abandon();
            FormsAuthentication.SignOut();
            Response.Redirect("~/Default.aspx", true);
            //FormsAuthentication.RedirectToLoginPage();
            
        }
    }

Open in new window

Login Control:

using System;
using System.Collections;
using System.Configuration;
using System.Data;
using System.Linq;
using System.Web;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.HtmlControls;
using System.Web.UI.WebControls;
using System.Web.UI.WebControls.WebParts;
using System.Xml.Linq;

public partial class Control_Login : System.Web.UI.UserControl
{
    private UserMembershipProvider UserMembership = new UserMembershipProvider();
    private RoleProvider roleProvider = new RoleProvider();

    protected void Page_Load(object sender, EventArgs e)
    {
        if (!Page.IsPostBack)
        {
            if (Request.Cookies["CapProSoft_RememberMe"] != null)
            {
                UserName.Text = (Request.Cookies["CapProSoft_RememberMe"]["UserInfo"]);
            }
        }
    
    }
    protected void LoginButton_Click(object sender, EventArgs e)
    {
        try
        {
            if (UserMembership.ValidateUser(UserName.Text, Password.Text))
            {
                SetUserIdentity(UserName.Text.Trim());
                Session["UserType"] = UserMembership.StrUserType;

                string[] temp = roleProvider.GetRolesForUser(UserName.Text);
                string roles = "";


                roles += UserMembership.GetUsersDistrict(UserName.Text);
                roles += "|";
                roles += String.Join(",", temp);


                FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(1,
                                                                                 UserName.Text,
                                                                                 DateTime.Now,
                                                                                 DateTime.Now.AddMinutes(30), // value of time out property
                                                                                 RememberMe.Checked, // Value of IsPersistent property
                                                                                 roles,
                                                                                 FormsAuthentication.FormsCookiePath);

                string encryptedTicket = FormsAuthentication.Encrypt(ticket);
                HttpCookie authCookie = new HttpCookie(
                                            FormsAuthentication.FormsCookieName,
                                            encryptedTicket);

                Response.Cookies.Add(authCookie);



                if (RememberMe.Checked)
                {
                    Response.Cookies.Remove("CapProSoft_RememberMe"); //This will remove previous cookie 
                    HttpCookie myCookie = new HttpCookie("CapProSoft_RememberMe"); //new cookie object
                    Response.Cookies.Add(myCookie); //This will create new cookie   
                    myCookie.Values.Add("UserInfo", UserName.Text); //Add User Name                   
                    DateTime CookieExpir = DateTime.Now.AddDays(60); //Cookie life 
                    Response.Cookies["CapProSoft_RememberMe"].Expires = CookieExpir; //Maximum day of cookie's life  
                }


                if (UserMembership.GetPasswordChange(UserName.Text))
                {
                    Response.Redirect("~/Components/ChangePassword.aspx", true);
                }



                string strRedirect;
                strRedirect = Request["ReturnUrl"];
                if (strRedirect == null)
                    strRedirect = "~/Components/Home.aspx";
                Response.Redirect(strRedirect, true);
            }
            else
                Response.Redirect("~/Default.aspx", true);
        }
        catch (Exception ex)
        {
            Response.Write(ex.Message.ToString());
        }
    }
    private User SetUserIdentity(string strUserEmail)
    {
        User MyIdentity = new User();
        MyIdentity = UserMembership.GetUSerDetails(strUserEmail);
        Session["MyIdentity"] = MyIdentity;
        return MyIdentity;
    }
}

Open in new window

0
Comment
Question by:pawar_deepak
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
1 Comment
 
LVL 6

Accepted Solution

by:
judgeking earned 500 total points
ID: 33598277
Keep your Session.Clear(); in your logout code.  Then on every page have some code like:

if (Session["MyIdentity"] == null)
  Response.Redirect("Login.aspx", true);

If they hit back, they'll see the last page, but when they try to submit anything, they'll be redirected to the login screen.  This code should fix that:

Response.AppendHeader("Refresh", "5; url=Login.aspx");

I usually use a Web UserControl for this kind of thing, then just include it in the Master page or every page.
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A quick way to get a menu to work on our website, is using the Menu control and assign it to a web.sitemap using SiteMapDataSource. Example of web.sitemap file: (CODE) Sample code to add to the page menu: (CODE) Running the application, we wi…
The article shows the basic steps of integrating an HTML theme template into an ASP.NET MVC project
This is a high-level webinar that covers the history of enterprise open source database use. It addresses both the advantages companies see in using open source database technologies, as well as the fears and reservations they might have. In this…
In this brief tutorial Pawel from AdRem Software explains how you can quickly find out which services are running on your network, or what are the IP addresses of servers responsible for each service. Software used is freeware NetCrunch Tools (https…

691 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question