473,320 Members | 1,848 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 473,320 software developers and data experts.

Session

Hello,
On the LogOut Page i have done Session.Abandon();
And on every Page, In the Page_Load Event i check if the session exists
and only then display data.
Now the problem is after i logout from application and click the back
button of Internet Explorer, the page displays. Can anyone guide me
plsssss.

Thank you,
Bhagya

Dec 8 '06 #1
6 2753
This is such a common problem.

The problem is, when you click the Back button, your browser gets the page
from its cache. Worse than that, it means that no page_load event is
generated.

The choices you have are pretty limited (AFAIK). You can either try to
disable the Back button, by clearing the browser cache or something, or you
can deal with the problem when it genuinely arises. The former is really
annoying to users.

If you think about it, the problem is not that the page displays, but that
the user then moves on from that page and expects that data to be as
displayed in the browser. Because the session has been cleared, this will
not be the case. What you need to do, therefore, is to check the state of
the application when the user clicks on whatever action control you have
that deals with the application's state - usually a submit or "next" button.
You should be able to check the application's consistency at this point and,
if the application data is not consistent (i.e. you detect, implicitly, that
the user used the browser back button or the session timed out or whatever)
you can display a message or throw an exception or redirect to the login
page or do whatever is reasonable in your program.

This works for us. We make it easier for ourselves by maintaining
application-specific objects that hold the application state. All we put in
the Session are references to these objects. Storing tonnes of data in an
unstructured way in the Session is a really bad idea IMHO. We also use
forms authentication and attributes to ensure that users who are not logged
in and/or do not have the required role(s) cannot access classes and/or
methods innappropriately. We usually decorate every Page class, and every
method that alters the application state. In the case you mention, we would
have used FormsAuthentication.SignOut() and Session.Abandon(): therefore the
user would fail the security challenge on the Submit or Next button event
handler, because the event handler would be decorated with the appropriate
attributes.

HTH
Peter
"Bhagya" <ja**********@gmail.comwrote in message
news:11**********************@16g2000cwy.googlegro ups.com...
Hello,
On the LogOut Page i have done Session.Abandon();
And on every Page, In the Page_Load Event i check if the session exists
and only then display data.
Now the problem is after i logout from application and click the back
button of Internet Explorer, the page displays. Can anyone guide me
plsssss.

Thank you,
Bhagya

Dec 8 '06 #2

Peter Bradley wrote:
This is such a common problem.

The problem is, when you click the Back button, your browser gets the page
from its cache. Worse than that, it means that no page_load event is
generated.

The choices you have are pretty limited (AFAIK). You can either try to
disable the Back button, by clearing the browser cache or something, or you
can deal with the problem when it genuinely arises. The former is really
annoying to users.

If you think about it, the problem is not that the page displays, but that
the user then moves on from that page and expects that data to be as
displayed in the browser. Because the session has been cleared, this will
not be the case. What you need to do, therefore, is to check the state of
the application when the user clicks on whatever action control you have
that deals with the application's state - usually a submit or "next" button.
You should be able to check the application's consistency at this point and,
if the application data is not consistent (i.e. you detect, implicitly, that
the user used the browser back button or the session timed out or whatever)
you can display a message or throw an exception or redirect to the login
page or do whatever is reasonable in your program.

This works for us. We make it easier for ourselves by maintaining
application-specific objects that hold the application state. All we put in
the Session are references to these objects. Storing tonnes of data in an
unstructured way in the Session is a really bad idea IMHO. We also use
forms authentication and attributes to ensure that users who are not logged
in and/or do not have the required role(s) cannot access classes and/or
methods innappropriately. We usually decorate every Page class, and every
method that alters the application state. In the case you mention, we would
have used FormsAuthentication.SignOut() and Session.Abandon(): therefore the
user would fail the security challenge on the Submit or Next button event
handler, because the event handler would be decorated with the appropriate
attributes.

HTH
Peter
"Bhagya" <ja**********@gmail.comwrote in message
news:11**********************@16g2000cwy.googlegro ups.com...
Hello,
On the LogOut Page i have done Session.Abandon();
And on every Page, In the Page_Load Event i check if the session exists
and only then display data.
Now the problem is after i logout from application and click the back
button of Internet Explorer, the page displays. Can anyone guide me
plsssss.

Thank you,
Bhagya

Hello,

I m extremely new to this field. Could u give a code snippet or some
example?

Dec 8 '06 #3

Peter Bradley wrote:
This is such a common problem.

The problem is, when you click the Back button, your browser gets the page
from its cache. Worse than that, it means that no page_load event is
generated.

The choices you have are pretty limited (AFAIK). You can either try to
disable the Back button, by clearing the browser cache or something, or you
can deal with the problem when it genuinely arises. The former is really
annoying to users.

If you think about it, the problem is not that the page displays, but that
the user then moves on from that page and expects that data to be as
displayed in the browser. Because the session has been cleared, this will
not be the case. What you need to do, therefore, is to check the state of
the application when the user clicks on whatever action control you have
that deals with the application's state - usually a submit or "next" button.
You should be able to check the application's consistency at this point and,
if the application data is not consistent (i.e. you detect, implicitly, that
the user used the browser back button or the session timed out or whatever)
you can display a message or throw an exception or redirect to the login
page or do whatever is reasonable in your program.

This works for us. We make it easier for ourselves by maintaining
application-specific objects that hold the application state. All we put in
the Session are references to these objects. Storing tonnes of data in an
unstructured way in the Session is a really bad idea IMHO. We also use
forms authentication and attributes to ensure that users who are not logged
in and/or do not have the required role(s) cannot access classes and/or
methods innappropriately. We usually decorate every Page class, and every
method that alters the application state. In the case you mention, we would
have used FormsAuthentication.SignOut() and Session.Abandon(): therefore the
user would fail the security challenge on the Submit or Next button event
handler, because the event handler would be decorated with the appropriate
attributes.

HTH
Peter
"Bhagya" <ja**********@gmail.comwrote in message
news:11**********************@16g2000cwy.googlegro ups.com...
Hello,
On the LogOut Page i have done Session.Abandon();
And on every Page, In the Page_Load Event i check if the session exists
and only then display data.
Now the problem is after i logout from application and click the back
button of Internet Explorer, the page displays. Can anyone guide me
plsssss.

Thank you,
Bhagya

Hello,

I m extremely new to this field. Could u give a code snippet or some
example?

Dec 8 '06 #4

Peter Bradley wrote:
This is such a common problem.

The problem is, when you click the Back button, your browser gets the page
from its cache. Worse than that, it means that no page_load event is
generated.

The choices you have are pretty limited (AFAIK). You can either try to
disable the Back button, by clearing the browser cache or something, or you
can deal with the problem when it genuinely arises. The former is really
annoying to users.

If you think about it, the problem is not that the page displays, but that
the user then moves on from that page and expects that data to be as
displayed in the browser. Because the session has been cleared, this will
not be the case. What you need to do, therefore, is to check the state of
the application when the user clicks on whatever action control you have
that deals with the application's state - usually a submit or "next" button.
You should be able to check the application's consistency at this point and,
if the application data is not consistent (i.e. you detect, implicitly, that
the user used the browser back button or the session timed out or whatever)
you can display a message or throw an exception or redirect to the login
page or do whatever is reasonable in your program.

This works for us. We make it easier for ourselves by maintaining
application-specific objects that hold the application state. All we put in
the Session are references to these objects. Storing tonnes of data in an
unstructured way in the Session is a really bad idea IMHO. We also use
forms authentication and attributes to ensure that users who are not logged
in and/or do not have the required role(s) cannot access classes and/or
methods innappropriately. We usually decorate every Page class, and every
method that alters the application state. In the case you mention, we would
have used FormsAuthentication.SignOut() and Session.Abandon(): therefore the
user would fail the security challenge on the Submit or Next button event
handler, because the event handler would be decorated with the appropriate
attributes.

HTH
Peter
"Bhagya" <ja**********@gmail.comwrote in message
news:11**********************@16g2000cwy.googlegro ups.com...
Hello,
On the LogOut Page i have done Session.Abandon();
And on every Page, In the Page_Load Event i check if the session exists
and only then display data.
Now the problem is after i logout from application and click the back
button of Internet Explorer, the page displays. Can anyone guide me
plsssss.

Thank you,
Bhagya

Hello,

I m extremely new to this field. Could u give a code snippet or some
example?

Dec 8 '06 #5
"Bhagya" <ja**********@gmail.comwrote in message
news:11**********************@f1g2000cwa.googlegro ups.com...
I m extremely new to this field. Could u give a code snippet or some
example?
There's a problem with your newsreader - it keeps duplicating your posts...
Dec 8 '06 #6
Visual Studio Help has the following:

PrincipalPermissionAttribute can be used to declaratively demand that users
running your code belong to a specified role or have been authenticated. Use
of Unrestricted creates a PrincipalPermission with Authenticated set to true
and Name and Role set to a null reference (Nothing in Visual Basic).

The scope of the declaration that is allowed depends on the SecurityAction
that is used. PrincipalPermissionAttribute cannot be applied at the assembly
level.

The security information declared by a security attribute is stored in the
metadata of the attribute target and is accessed by the system at run time.
Security attributes are used only for declarative security. For imperative
security, use the corresponding permission class.

Important Prior to a demand for principal permission it is necessary to
set the current application domain's principal policy to the enumeration
value WindowsPrincipal. By default, the principal policy is set to
UnauthenticatedPrincipal. If you do not set the principal policy to
WindowsPrincipal, a demand for principal permission will fail. The following
code should be executed before the principal permission is demanded:
AppDomain.CurrentDomain.SetPrincipalPolicy(Princip alPolicy.WindowsPrincipal).

Example
The following example demonstrates how PrincipalPermission can be used
declaratively to demand that the current user is Bob and belongs to the
Supervisor role.

....

C#
[PrincipalPermissionAttribute(SecurityAction.Demand , Name="Bob",
Role="Supervisor")]

....

The following example demonstrates how to demand that the current user's
identity is Bob, regardless of role membership.

....

C#
[PrincipalPermissionAttribute(SecurityAction.Demand , Name="Bob")]

....

The following example demonstrates how to demand only that the user is
authenticated.

....

C#
[PrincipalPermissionAttribute(SecurityAction.Demand , Authenticated=true)]

-------------------------------------

If you need help on creating classes and objects, just read any standard
text. But in brief, let's say your UML (or whatever you use) determines
that you have a "Student" class that has interesting state transitions (e.g.
Enquirer --Applicant --Registered-Student --Graduate --Alumnus).
You define your class and then create an instance in your code. In order to
hold onto the instance across ASP.NET event handlers, methods and pages, you
store a reference to the class in the Session:

Student student = new Student();
Session["student"] = student;

Now, in a different scope (new page etc), you can do:

Student s = Session["student"];

Now you can call methods on your student object.

HTH
Peter
"Bhagya" <ja**********@gmail.comwrote in message
news:11*********************@j44g2000cwa.googlegro ups.com...
>
Peter Bradley wrote:
>This is such a common problem.

The problem is, when you click the Back button, your browser gets the
page
from its cache. Worse than that, it means that no page_load event is
generated.

The choices you have are pretty limited (AFAIK). You can either try to
disable the Back button, by clearing the browser cache or something, or
you
can deal with the problem when it genuinely arises. The former is really
annoying to users.

If you think about it, the problem is not that the page displays, but
that
the user then moves on from that page and expects that data to be as
displayed in the browser. Because the session has been cleared, this
will
not be the case. What you need to do, therefore, is to check the state
of
the application when the user clicks on whatever action control you have
that deals with the application's state - usually a submit or "next"
button.
You should be able to check the application's consistency at this point
and,
if the application data is not consistent (i.e. you detect, implicitly,
that
the user used the browser back button or the session timed out or
whatever)
you can display a message or throw an exception or redirect to the login
page or do whatever is reasonable in your program.

This works for us. We make it easier for ourselves by maintaining
application-specific objects that hold the application state. All we put
in
the Session are references to these objects. Storing tonnes of data in
an
unstructured way in the Session is a really bad idea IMHO. We also use
forms authentication and attributes to ensure that users who are not
logged
in and/or do not have the required role(s) cannot access classes and/or
methods innappropriately. We usually decorate every Page class, and
every
method that alters the application state. In the case you mention, we
would
have used FormsAuthentication.SignOut() and Session.Abandon(): therefore
the
user would fail the security challenge on the Submit or Next button event
handler, because the event handler would be decorated with the
appropriate
attributes.

HTH
Peter
"Bhagya" <ja**********@gmail.comwrote in message
news:11**********************@16g2000cwy.googlegr oups.com...
Hello,
On the LogOut Page i have done Session.Abandon();
And on every Page, In the Page_Load Event i check if the session exists
and only then display data.
Now the problem is after i logout from application and click the back
button of Internet Explorer, the page displays. Can anyone guide me
plsssss.

Thank you,
Bhagya


Hello,

I m extremely new to this field. Could u give a code snippet or some
example?

Dec 8 '06 #7

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

2
by: Damien | last post by:
Hi to all, I'm currently re-designing our intranet : nice and lean CSS2, cleaned-up PHP 4.3.7, better-normalized MySQL ;o). So I've started using the $_SESSION variable instead of register_globals...
1
by: mudge | last post by:
I'm running PHP Version 4.3.10. I'm trying to make it so that when a person logs in using a user name and password that their session is valid and continues for a few months so they don't have to...
6
by: Al Jones | last post by:
This is a repost form the vbscript newgroup - if this isn't the appropriate group would you point me toward one that is. Basically, I seem to be losing session data part way though preparing an...
5
by: Abhilash.k.m | last post by:
This is regarding the session management using Out of proc session management(SQL SERVER). Among the samples below which one is better to set the session? 1. There are 20 session...
0
by: joseph conrad | last post by:
Hi, I tried to implement my own session handler in order to keep control on the process the drawback I foun it is not creating and storing in my cookie the PHPSESSID variable anymore. reading te...
14
by: aroraamit81 | last post by:
Hi, I am facing a trouble. I have some Session variables in my code and somehow my session variables are getting mixed up with other users. For example User A has access to 10 companies and...
7
by: aroraamit81 | last post by:
Well Guys, Here is a very strange trouble. When more than one users request tto same page at the same time then our session gets conflicted. Moreover I printed my SessionID, strangely but true I...
0
by: TRB_NV | last post by:
I'd been using an Access database based shopping cart, but wanted to change it so that it would use session variables. I have a form that's submitted to a page called addtocart.asp that contains...
1
by: Santosh | last post by:
Dear All i am writting a code sending mail with attachement. i am writting code for sending mail in one page and code for attaching a file in the next page. aftet attaching a file i am taking...
5
by: lyealain | last post by:
<% If Session("username") = "" Then Response.Redirect("/CLS/Login.asp") End If Dim conn Dim connectstr Dim db_name, db_username, db_userpassword Dim db_server Dim res
0
by: DolphinDB | last post by:
Tired of spending countless mintues downsampling your data? Look no further! In this article, you’ll learn how to efficiently downsample 6.48 billion high-frequency records to 61 million...
0
by: ryjfgjl | last post by:
ExcelToDatabase: batch import excel into database automatically...
1
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 6 Mar 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM). In this month's session, we are pleased to welcome back...
0
by: jfyes | last post by:
As a hardware engineer, after seeing that CEIWEI recently released a new tool for Modbus RTU Over TCP/UDP filtering and monitoring, I actively went to its official website to take a look. It turned...
0
by: ArrayDB | last post by:
The error message I've encountered is; ERROR:root:Error generating model response: exception: access violation writing 0x0000000000005140, which seems to be indicative of an access violation...
0
by: CloudSolutions | last post by:
Introduction: For many beginners and individual users, requiring a credit card and email registration may pose a barrier when starting to use cloud servers. However, some cloud server providers now...
1
by: Shællîpôpï 09 | last post by:
If u are using a keypad phone, how do u turn on JavaScript, to access features like WhatsApp, Facebook, Instagram....
0
by: af34tf | last post by:
Hi Guys, I have a domain whose name is BytesLimited.com, and I want to sell it. Does anyone know about platforms that allow me to list my domain in auction for free. Thank you
0
by: Faith0G | last post by:
I am starting a new it consulting business and it's been a while since I setup a new website. Is wordpress still the best web based software for hosting a 5 page website? The webpages will be...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.