01.30.13
by

Prevent backing into a site


How do you prevent a user who doesnt log off a site from backing into a site if they leave it. Say for example a person logs into http://www.cpwebhosting.net but they dont log off, they instead type other domain name into the browser. Once they are on other domain name they decide to hit the back button to get back to cpwebhosting.net, the actually logged in account. How do i prevent them from doing so, and if they try to back into the site it tells them to log on again? Is this possible? I need help, new to ASP.

Try this one

Code:

<%
Dim objConn
Set objConn = Server.CreateObject("ADODB.Connection")
objConn.open dsn

If Session("blnValidUser") = True and Session("Admin_ID") = "" Then
Dim rsPersonIDCheck
Set rsPersonIDCheck = Server.CreateObject("ADODB.Recordset")
Dim strSQL
strSQL = "SELECT * FROM Settings WHERE Admin_ID = '" & Session("Admin_ID") & "';"
rsPersonIDCheck.Open strSQL, objConn
If rsPersonIDCheck.EOF Then
Session("blnValidUser") = False
Else
Session("Admin_ID") = rsPersonIDCheck("Admin_ID")
End If
rsPersonIDCheck.Close
Set rsPersonIDCheck = Nothing
End If

Dim strID, strPassword
strID = Request("Admin_ID")
strPassword = Request("Password")

Dim rsUsers
set rsUsers = Server.CreateObject("ADODB.Recordset")
strSQL = "SELECT * FROM Settings WHERE Admin_ID = '" & strID & "';"
rsUsers.Open strSQL, objConn

If rsUsers.EOF Then
Session("Admin_ID") = Request("Admin_ID")
Response.Redirect "default.asp?SecondTry=True"
Else
While Not rsUsers.EOF
If UCase(rsUsers("Admin_Pass")) = UCase(strPassword) Then
Session("Admin_ID") = rsUsers("Admin_ID")
Session("isLoggedIn") = True
Session("blnValidUser") = True
Response.Redirect "main.asp"
Else
rsUsers.MoveNext
End If
Wend
Session("Admin_ID") = Request("Admin_ID")
Response.Redirect "default.asp?SecondTry=True&WrongPW=True"
End If
%>
you'll need to tell us how you keep the session for logged in users, is it just a session or a cookie???


 No, it is not a cookie, just a session

chack the referer, if its not your site then Session("Admin_ID") = ""

put the site in a frameset and then have an onUnload procedure on the frameset to destroy the session.

Put this code
Code:


strURLIn = Request.ServerVariables("HTTP_REFERER")
if strURLIn <> "" AND left(strURLIn, 23)<>"http://www.cpwebhosting.net" AND left(strURLIn, 19)<>"http:/cpwebhosting.net" then
Session("Admin_ID") = ""

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Cancel

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.