Re: proper way to logout and end a session




session and authentication are not linked. they are separate operations, and clearing one does not affect the other. also the authentication cookie is separate from the session cookie. as the second site is opened from the first, its cookies are not deleted by the browser when the window is closed, so when the site is reopened, the authentication cookie is still active (unless you delete the cookie before closing the page). the session cookie is also still active, but session has been cleared.

your pages should always check for a valid session (a recycle can clear session), and recreate if missing.

-- bruce (sqlwork.com)

E. Kwong wrote:
Hi:



I have a link on a site (say http://site1) that points to a small application I wrote which is being hosted on a different site (http://site2). The application consists of a login page (site2/app/login.aspx) and a couple of other pages (say page2.aspx, page3.aspx, etc...) and they are all in the same folder. When people click on that link, the login page is supposed to show in a new browser window. And when people click the logout link inside the application, the application will close this second browser window.



During testing, from the link on http://site1, I'm able to login the application, get to the other pages (page2, page3, ...), and then logout. The problem is that if I go back to the first browser window (http://site1) immediately and click the link again, the application aborts with unhandled errors in the new browser window. I'll keep getting this error unless I close the first browser window, open a new one and re-access http://site1 again.



The link on http://site1 is originally http://site2/app/page2.aspx . The application aborts because in the page load event of page2.aspx, it is looking for some session variable values which don't exist since I did a session.clear() upon the first logout. My question is: why did the application skip the login page and go directly to page2?



The login page is already specified in the authentication section of web.config:



<authentication mode="Forms">
<forms loginUrl="Login.aspx" name="login" protection="All" timeout="60"/>
</authentication>



Right now I've changed the link on http://site1 to http://site2/Login.aspx?ReturnUrl=%2app%2fpage2.aspx and the problem "goes away". However, it's not a friendly URL and I definitely prefer the original URL.



I really would like to know the proper way to logout and end a session to avoid the situation described above. Any pointer greatly appreciated.



Using: .net 2.0
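
Added example, not part of the original thread: a C# sketch for ASP.NET 2.0 Web Forms that ends both the forms-authentication ticket and the session on logout, and guards pages against an authenticated request that arrives with an empty session. The class names `Logout` and `SessionCheckedPage` and the session key `"UserName"` are hypothetical, and the session cookie name assumes the default `ASP.NET_SessionId`.

```csharp
using System;
using System.Web;
using System.Web.Security;
using System.Web.UI;

// Hypothetical logout page: clears authentication AND session, which are separate.
public class Logout : Page
{
    protected override void OnLoad(EventArgs e)
    {
        // 1. Expire the forms-authentication cookie (named "login" in the web.config above).
        FormsAuthentication.SignOut();

        // 2. Discard the server-side session. Session.Clear() only empties the
        //    values; Abandon() ends the session itself.
        Session.Abandon();

        // 3. Expire the session cookie so the browser stops sending the old ID.
        //    Assumes the default cookie name; change it if sessionState overrides it.
        HttpCookie sessionCookie = new HttpCookie("ASP.NET_SessionId", "");
        sessionCookie.Expires = DateTime.Now.AddDays(-1);
        Response.Cookies.Add(sessionCookie);

        // 4. Send the (now anonymous) browser to the configured loginUrl.
        FormsAuthentication.RedirectToLoginPage();
    }
}

// Hypothetical base class for page2.aspx, page3.aspx, ...: never assume that a
// valid authentication ticket implies populated session state.
public class SessionCheckedPage : Page
{
    protected override void OnLoad(EventArgs e)
    {
        if (!User.Identity.IsAuthenticated)
        {
            FormsAuthentication.RedirectToLoginPage();
            return;
        }

        // Authenticated but session empty: cleared at logout in another window,
        // timed out, or lost to an application recycle. Recreate it from the
        // identity carried in the ticket before the page's own Load handlers run.
        if (Session["UserName"] == null)
        {
            Session["UserName"] = User.Identity.Name;
        }

        base.OnLoad(e);
    }
}
```

Pages that need more than the user name in session would rebuild those values at the same point, or call `FormsAuthentication.SignOut()` and redirect to the login page when they cannot be rebuilt.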





