Problem: Prevent user from back to the previous page after logout.
Solution: For this scenario, my idea is to write a cookie when logout (check the “SetLogoutCookie” function), and read the cookie when page load for each web page except login.aspx (check the “RedirectToLoginPage” function). If the data in cookie means logout then redirect current page to login.aspx.
***** default.aspx ****** <html xmlns="http://www.w3.org/1999/xhtml"> <head runat="server"> <title>Untitled Page</title> <script type="text/javascript">
function SetLogoutCookie(value)
{var exdate=new Date();
exdate.setDate(exdate.getDate()+1);
var expires = ";
expires=" + exdate.toGMTString();
document.cookie = "logout=" + value + expires+";
path=/";
}
function Checklogout() {
var c_start = document.cookie.indexOf("logout=");
if (c_start!=-1)
{
c_start=c_start + 7; c_end=document.cookie.indexOf(";",c_start)
{
c_end=document.cookie.length;
{
return true; } }
}
function RedirectToLoginPage() {
if (Checklogout())
{
window.location = "login.aspx";
}
</head>
<body onload="RedirectToLoginPage()">
<form id="form1" runat="server">
<asp:LinkButton ID="LinkButton1" runat="server" OnClick="LinkButton1_Click"
OnClientClick="SetLogoutCookie('true')">Log out </asp:LinkButton>
</form>
</html>
************* default.aspx.cs ********************************
protected void LinkButton1_Click(object sender, EventArgs e)
{
FormsAuthentication.RedirectToLoginPage();
}
************ login.aspx ************************************
<html xmlns="http://www.w3.org/1999/xhtml">
<title>Untitled Page</title>
function SetLogoutCookie(value)
{
exdate.setDate(exdate.getDate()+1);
document.cookie = "logout=" + value + expires+";
path=/";
}
</head>
<form id="form1" runat="server">
Name:<asp:TextBox ID="TBName" runat="server">test</asp:TextBox>
Password:<asp:TextBox ID="TBPassword" runat="server"
TextMode="Password"></asp:TextBox>
<asp:LinkButton ID="LinkButton1" runat="server" OnClick="LinkButton1_Click"
OnClientClick="SetLogoutCookie('false')">Login</asp:LinkButton></div>
</body>
************ login.aspx.cs ***********************************
{
{ FormsAuthentication.RedirectFromLoginPage(TBName.Text,false);
}
}
************ web.config **********************************
<authentication mode="Forms">
protection="All" timeout="30">
<user name="test" password="test" />
</forms>
<authorization>
</authorization>
1 comment:
Post a Comment