Session.Contents.Abandon();
Session.Abandon();
Session.Clear();
Response.Redirect("Default.aspx");
write like this
On Mon, Feb 1, 2010 at 10:24 PM, HelloWorld <[email protected]> wrote:
> well, i made certain changes and now my login code is working, also a
> session id is created every time the user logs in.
> This is my final login code:
>
> namespace Login
> {
> public partial class _Default : System.Web.UI.Page
> {
> SqlConnection conn = new SqlConnection(@"Data Source=SWATY
> \SQLEXPRESS;Initial Catalog=Project_mydb;Integrated Security=True");
> SqlCommand cmd = new SqlCommand();
> SqlDataAdapter da = new SqlDataAdapter();
> DataSet ds = new DataSet();
>
>
> protected void btnLogin_Click(object sender, EventArgs e)
> {
> cmd.CommandText = "select * from Login";
> cmd.Connection = conn;
> da.SelectCommand = cmd;
> da.Fill(ds, "Login");
> int totaluser = ds.Tables["Login"].Rows.Count;
> for (int i = 0; i < totaluser; i++)
> {
> if (txtUserName.Text == ds.Tables["Login"].Rows[i]
> ["Username"].ToString() && txtPassword.Text == ds.Tables["Login"].Rows
> [i]["Password"].ToString())
> {
> Session["userId"] = txtUserName.Text;
> Response.Redirect("Home.aspx");
> }
> else
> {
> ErrorLabel.Visible = true;
> }
> }
> }
> }
> }
>
>
> Now I need to work on the logout code. I've written a certain code for
> logout but, on clicking the logout button, even after I am redirected
> to the Login Page, the browser's back button is still enabled which
> can bring the user back to the previous page(which I don't want to).
> Can u tell a way to either disable back browsing or to clear page
> history? Plz tell me what changes I need to make? Here's my logout
> code:
>
> namespace Login
> {
> public partial class Home : System.Web.UI.Page
> {
> protected void Page_Load(object sender, EventArgs e)
> {
> lblUser.Text = "Welcome" + Session["userId"].ToString();
> }
>
> protected void btnLogout_Click(object sender, EventArgs e)
> {
>
> Response.Redirect("Default.aspx");
> Session.Contents.Abandon();
> Session.Abandon();
> Session.Clear();
> }
> }
> }
>
>
>
> On Jan 30, 8:55 pm, Cerebrus <[email protected]> wrote:
> > Gosh, that is some scary code (only referring to the Page_Load
> > part) !! Do you realize how many problems that code has on so many
> > different levels ? I won't go into the problems here because it would
> > constitute an essay in itself.
> >
> > To answer your question(s) then:
> >
> > The pseudocode for a Login page/control should be as follows:
> >
> > Page_Load:
> > ~ If the page is loading for the first time, check if user is logged
> > in (A UserID is present in Session). If yes, redirect to Home page. If
> > no, show Login controls (username, password, submit button, Forgot
> > password link).
> >
> > Login Submit Click:
> > ~ Retrieve values of username and password textboxes.
> > ~ Create an SqlCommand pointing to a Stored Procedure (SP) (called
> > IsLoggedIn, for example) that validates a username/password
> > combination against user credentials present in the database.
> > ~ Set the SP parameters to those values retrieved from the username
> > and password textboxes and execute the SP. The SP should simply return
> > a True/False value. If required, you can return the UserID instead.
> > ~ Based on this result, store the UserID into Session or show
> > appropriate feedback to the user (eg. wrong password)
> > ~ Redirect to the welcome page.
> >
> > You could also implement the same thing via a Cookie.
> >
> > On Jan 30, 7:21 pm, HelloWorld <[email protected]> wrote:
> >
> >
> >
> > > @Cerebrus
> > > This is the Login page I created. but it does not involve any session
> > > or cookies.
> >
> > > namespace Login
> > > {
> > > public partial class _Default : System.Web.UI.Page
> > > {
> > > SqlConnection conn = new SqlConnection(@"Data Source=SWATY
> > > \SQLEXPRESS;Initial Catalog=Project_mydb;Integrated Security=True");
> > > SqlCommand cmd = new SqlCommand();
> > > SqlDataAdapter da = new SqlDataAdapter();
> > > DataSet ds = new DataSet();
> >
> > > protected void Page_Load(object sender, EventArgs e)
> > > {
> > > cmd.CommandText = "select * from Login";
> > > cmd.Connection = conn;
> > > da.SelectCommand = cmd;
> > > da.Fill(ds, "Login");
> > > int totaluser = ds.Tables["Login"].Rows.Count;
> > > for (int i = 0; i < totaluser; i++)
> > > {
> > > if (txtUserName.Text == ds.Tables["Login"].Rows[i]
> > > ["Username"].ToString() && txtPassword.Text == ds.Tables["Login"].Rows
> > > [i]["Password"].ToString())
> > > {
> > > Response.Redirect("Home.aspx");
> > > }
> > > else
> > > {
> > > Label3.Visible = true;
> > > }
> > > }
> > > }
> > > }
> >
> > > }
>
