Well then you aren't "logging in" the user so there's no way to log out the user.
An old-school way to do "log in" a user would be to set a variable in Session and to check that variable every page access...if there is no variable there then you know that the user is not "logged in".
For example, in your Login page you would check to make sure that the user provided the correct userID and password and then you would store the UserID in session:
-
'when the user tries to log in, check to make sure they provided
-
'valid credentials...if that authenticates then store the user ID in session
-
If authenticateUser(txt_userID.Text, txt_password.Text) = True Then
-
Session("userID") = txt_userID.Text
-
End If
Now you have to check to make sure that a value exists in Session("userID") on every page that is restricted to logged in users. If this does not exist then you redirect them to the login page (or something).
So in every Page Load you will have:
-
If Session("userID") Is Nothing Then
-
Response.Redirect("~/login.aspx", True)
-
End If
When the user logs out, either use Session.Abandon (which cleans up everything in session and is probably the best thing to use) or you can just set Session("userID")=nothing.
This is very basic authorization stuff :)
-Frinny