
Need help clearing Session data.

Hello Experts,

I'm creating an application where employees will log in and fill out forms and submit to DB.

The problem I'm facing, however, is that if a user logs out of my application and then clicks the browser's back button, it displays their session data.

Is there a way to COMPLETELY remove session data even if a user clicks on the browser's back button? Also, if I click on the browser's back button after I log out, I can still make changes to the forms based on the session data that should have been removed when I logged out, but it's still active.

I'm going to attach my LogOut code, Login Code, and the Page_Load code that I'm using.

Contact Page Page_Load:

    /// <summary>
    /// Chooses the greeting and the visibility of the logout link from session state.
    /// </summary>
    /// <param name="sender">Event source supplied by the page lifecycle.</param>
    /// <param name="e">Event data (unused).</param>
    protected void Page_Load(object sender, EventArgs e)
    {
        // Display logic only: a missing or empty login marker changes the greeting,
        // it does not redirect the request or block the rest of the page.
        object loginMarker = Session["UserNameSessionID"];
        bool isGuest = loginMarker == null || loginMarker.ToString() == "";

        if (isGuest)
        {
            lblFullNameSession.Text = "Hello, Guest";
            lb_logout.Visible = false;
            return;
        }

        string givenName = Convert.ToString(Session["fname"]);
        string familyName = Convert.ToString(Session["lname"]);
        string employeeId = Convert.ToString(Session["empid"]); // read here but not used by this handler

        // NOTE(review): the names go into the label text as-is; confirm they are
        // HTML-encoded somewhere before rendering if they can contain markup.
        lblFullNameSession.Text = string.Concat("Hello, ", givenName, " ", familyName);
        lb_logout.Visible = true;
    }


Home Page Page_Load:

    /// <summary>
    /// Shows either the guest greeting or the signed-in user's name, and toggles the logout link to match.
    /// </summary>
    /// <param name="sender">Event source supplied by the page lifecycle.</param>
    /// <param name="e">Event data (unused).</param>
    protected void Page_Load(object sender, EventArgs e)
    {
        object marker = Session["UserNameSessionID"];
        bool signedIn = !(marker == null || marker.ToString() == "");

        if (signedIn)
        {
            string first = Convert.ToString(Session["fname"]);
            string last = Convert.ToString(Session["lname"]);
            string id = Convert.ToString(Session["empid"]); // fetched but not used below

            lblFullNameSession.Text = string.Format("Hello, {0} {1}", first, last);
            lb_logout.Visible = true;
        }
        else
        {
            // The page still renders for a visitor without a login marker;
            // only the greeting and the logout link differ.
            lblFullNameSession.Text = "Hello, Guest";
            lb_logout.Visible = false;
        }
    }


Logout Code:

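    /// <summary>
    /// Logs the user out: drops the server-side session, revokes the forms-authentication
    /// cookie, and returns to the index page.
    /// </summary>
    /// <param name="sender">The logout link that raised the click.</param>
    /// <param name="e">Event data (unused).</param>
    protected void lb_logout_Click(object sender, EventArgs e)
    {
        // Empty the session immediately, then mark it for disposal at the end of the request.
        Session.Clear();
        Session.Abandon();

        // The login handler issues a forms-authentication ticket via
        // FormsAuthentication.RedirectFromLoginPage. Session.Abandon() alone leaves that
        // cookie in place, so the browser would still be authenticated after "logout".
        // Fully qualified so this handler needs no extra using directive.
        System.Web.Security.FormsAuthentication.SignOut();

        // Nothing here affects copies of pages the browser has already cached; what the
        // Back button shows is governed by the cache headers each page sent when it was served.
        Response.Redirect("index.aspx");
    }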


Login Code:

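/// <summary>
/// Resets the login error label, refreshes the employee profile values in session,
/// and shows either the guest greeting or the employee's name.
/// </summary>
/// <param name="sender">Event source supplied by the page lifecycle.</param>
/// <param name="e">Event data (unused).</param>
protected void Page_Load(object sender, EventArgs e)
    {
        lblLoginError.Visible = false;

        // EmployeeLoginInfo() looks the user up by HttpContext.Current.User.Identity.Name,
        // i.e. by the forms-authentication identity, not by anything stored in session.
        // While that identity is still present, the profile values are written back into
        // session on every load of this page, even after Session.Abandon() has run.
        EmployeeLoginInfo();

        string firstName = Convert.ToString(Session["fname"]);
        string lastName = Convert.ToString(Session["lname"]);
        string employeeId = Convert.ToString(Session["empid"]);

        // The original test was `Session["empid"] != DBNull.Value`. Session["empid"] is only
        // ever assigned a string (or left null), so that comparison was always true and the
        // page always greeted "Guest". Test for a missing or empty id instead.
        if (string.IsNullOrEmpty(employeeId))
        {
            lblFullNameSession.Text = "Hello, " + "Guest";
            lb_logout.Visible = false;
        }
        else
        {
            lblFullNameSession.Text = "Hello, " + firstName + " " + lastName;
            // Mirrors the Contact and Home pages, which show the logout link for a known user.
            lb_logout.Visible = true;
        }
    }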

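    /// <summary>
    /// Loads the current user's first name, last name and employee id from the
    /// RetrieveEmployeeLoginInfo stored procedure into session. When there is no
    /// authenticated user name, no matching row, or the lookup fails, the three
    /// session keys are removed so values from an earlier user cannot linger.
    /// </summary>
    protected void EmployeeLoginInfo()
    {
        string emp_username = HttpContext.Current.User.Identity.Name;
        DataTable dtEmployeeInfo = new DataTable();

        // Skip the database round trip when the request carries no identity.
        if (!string.IsNullOrEmpty(emp_username))
        {
            string connectionString = ConfigurationManager.ConnectionStrings["test"].ConnectionString;

            try
            {
                using (SqlConnection conn = new SqlConnection(connectionString))
                using (SqlCommand cmd = new SqlCommand("RetrieveEmployeeLoginInfo", conn))
                using (SqlDataAdapter adp = new SqlDataAdapter(cmd))
                {
                    cmd.CommandType = CommandType.StoredProcedure;
                    // The user name travels as a typed parameter, never as SQL text.
                    cmd.Parameters.Add("@emp_username", SqlDbType.VarChar, 50).Value = emp_username;

                    // Fill opens the connection if it is closed and closes it again afterwards.
                    adp.Fill(dtEmployeeInfo);
                }
            }
            catch (Exception ex)
            {
                // The original evaluated ex.Message and discarded it. Keep the best-effort
                // behaviour (the page still loads) but leave a trace of the failure.
                System.Diagnostics.Trace.TraceError("EmployeeLoginInfo lookup failed: {0}", ex);
            }
        }

        // `dtEmployeeInfo != null` was always true; the real question is whether a row
        // came back. Indexing Rows[0] on an empty table throws.
        if (dtEmployeeInfo.Rows.Count == 0)
        {
            Session.Remove("fname");
            Session.Remove("lname");
            Session.Remove("empid");
            return;
        }

        DataRow data = dtEmployeeInfo.Rows[0];

        Session["fname"] = data["emp_firstname"].ToString();
        Session["lname"] = data["emp_lastname"].ToString();
        Session["empid"] = data["emp_id"].ToString();
    }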

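    /// <summary>
    /// Checks a user name and password against the hash returned by the
    /// [dbo].[GetEmployeePassword] stored procedure.
    /// </summary>
    /// <param name="userName">User name passed to the procedure as @emp_username.</param>
    /// <param name="password">Password as typed; handed to PasswordHash.ValidatePassword.</param>
    /// <returns>
    /// False when the procedure yields no byte[] value (for example, no such user);
    /// otherwise whatever PasswordHash.ValidatePassword returns.
    /// </returns>
    private bool IsValidPassword(string userName, string password)
    {
        byte[] correctHash;

        using (SqlConnection conn = new SqlConnection(ConfigurationManager.ConnectionStrings["test"].ConnectionString))
        // The command is disposable too; the original left it undisposed.
        using (SqlCommand cm = new SqlCommand("[dbo].[GetEmployeePassword]", conn))
        {
            cm.CommandType = CommandType.StoredProcedure;
            cm.Parameters.Add("@emp_username", SqlDbType.VarChar, 50).Value = userName;
            conn.Open();

            // `as byte[]` turns both "no row" (null) and a non-binary result into null.
            correctHash = cm.ExecuteScalar() as byte[];
        }

        // An unknown user and a wrong password both come back as false, so the
        // caller cannot tell the two cases apart.
        return correctHash != null && PasswordHash.ValidatePassword(password, correctHash);
    }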

    /// <summary>
    /// Handles the login button: validates the typed credentials and, on success,
    /// records the user name in session and issues the forms-authentication redirect.
    /// </summary>
    /// <param name="sender">The login button.</param>
    /// <param name="e">Event data (unused).</param>
    protected void btn_login_Click(object sender, EventArgs e)
    {
        string enteredName = txtUserName.Text;
        bool accepted = IsValidPassword(enteredName, txtPassword.Text);

        if (!accepted)
        {
            // One message for every failure, so the response does not say which field was wrong.
            lblLoginError.Visible = true;
            lblLoginError.Text = "Invalid Credentials!";
            return;
        }

        // NOTE(review): the session that existed before authentication is reused as-is;
        // nothing in this handler issues a fresh session ID at login.
        Session["UserNameSessionID"] = enteredName;

        // Second argument false: the authentication cookie is not persisted across browser sessions.
        FormsAuthentication.RedirectFromLoginPage(enteredName, false);
    }

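    /// <summary>
    /// Logs the user out of both the session and forms authentication, then
    /// redirects to the index page.
    /// </summary>
    /// <param name="sender">The logout link that raised the click.</param>
    /// <param name="e">Event data (unused).</param>
    protected void lb_logout_Click(object sender, EventArgs e)
    {
        // Remove the stored values now and discard the session when the request ends.
        Session.Clear();
        Session.Abandon();

        // btn_login_Click signs the user in with FormsAuthentication.RedirectFromLoginPage,
        // and EmployeeLoginInfo() reads that identity on every load. Without SignOut() the
        // ticket survives logout and the profile values are written back into a new session.
        FormsAuthentication.SignOut();

        // Pages already held in the browser cache are untouched by any of the above;
        // that part is controlled by the cache headers sent with each page.
        Response.Redirect("index.aspx");
    }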

informaniacCommented:
/// <summary>
/// Logout handler that blanks the three profile values before abandoning the session.
/// </summary>
/// <param name="sender">The logout link that raised the click.</param>
/// <param name="e">Event data (unused).</param>
protected void lb_logout_Click(object sender, EventArgs e)
    {
        // Null out each profile entry by key.
        foreach (string profileKey in new[] { "fname", "lname", "empid" })
        {
            Session[profileKey] = null;
        }

        // Abandon() discards the whole server-side session, so the assignments above do not
        // change the outcome. Both act on the server only: a page the browser has already
        // cached is still shown by the Back button, and the forms-authentication cookie
        // issued at login is not revoked by either step.
        Session.Abandon();
        Response.Redirect("index.aspx");
    }

asp_net2Author Commented:
That does not work. Back button on browser window still shows the session values.
Roopesh ReddyCommented:
Hi,

Check the ASP.NET Forums thread - http://forums.asp.net/t/1755872.aspx/2/10

Hope it helps u...
asp_net2Author Commented:
First of all, thank you both for replying to this post. This problem has been haunting me for weeks now. Both of the links were very helpful. I also came across another site that tells people to use the method below. My question about that method is: why are they using a date of 1900?

Thank you both very much. After looking at that, I came up with what I believe and hope :) is the solution to my problem. Please see below.

    protected void Page_Init(object sender, EventArgs e)
    {
        Response.Cache.SetNoServerCaching();
        Response.Cache.SetCacheability(HttpCacheability.NoCache);
        Response.Cache.SetNoStore();
        Response.Cache.SetExpires(new DateTime(1900, 01, 01, 00, 00, 00, 00));
    }