Prevent backing into a site

How do you prevent a user who doesnt log off a site from backing into a site if they leave it. Say for example a person logs into but they dont log off, they instead type other domain name into the browser. Once they are on other domain name they decide to hit the back button to get back to, the actually logged in account. How do i prevent them from doing so, and if they try to back into the site it tells them to log on again? Is this possible? I need help, new to ASP.

Try this one


Dim objConn
Set objConn = Server.CreateObject("ADODB.Connection") dsn

If Session("blnValidUser") = True and Session("Admin_ID") = "" Then
Dim rsPersonIDCheck
Set rsPersonIDCheck = Server.CreateObject("ADODB.Recordset")
Dim strSQL
strSQL = "SELECT * FROM Settings WHERE Admin_ID = '" & Session("Admin_ID") & "';"
rsPersonIDCheck.Open strSQL, objConn
If rsPersonIDCheck.EOF Then
Session("blnValidUser") = False
Session("Admin_ID") = rsPersonIDCheck("Admin_ID")
End If
Set rsPersonIDCheck = Nothing
End If

Dim strID, strPassword
strID = Request("Admin_ID")
strPassword = Request("Password")

Dim rsUsers
set rsUsers = Server.CreateObject("ADODB.Recordset")
strSQL = "SELECT * FROM Settings WHERE Admin_ID = '" & strID & "';"
rsUsers.Open strSQL, objConn

If rsUsers.EOF Then
Session("Admin_ID") = Request("Admin_ID")
Response.Redirect "default.asp?SecondTry=True"
While Not rsUsers.EOF
If UCase(rsUsers("Admin_Pass")) = UCase(strPassword) Then
Session("Admin_ID") = rsUsers("Admin_ID")
Session("isLoggedIn") = True
Session("blnValidUser") = True
Response.Redirect "main.asp"
End If
Session("Admin_ID") = Request("Admin_ID")
Response.Redirect "default.asp?SecondTry=True&WrongPW=True"
End If
you'll need to tell us how you keep the session for logged in users, is it just a session or a cookie???

 No, it is not a cookie, just a session

chack the referer, if its not your site then Session("Admin_ID") = ""

put the site in a frameset and then have an onUnload procedure on the frameset to destroy the session.

Put this code

strURLIn = Request.ServerVariables("HTTP_REFERER")
if strURLIn <> "" AND left(strURLIn, 23)<>"" AND left(strURLIn, 19)<>"http:/" then
Session("Admin_ID") = ""

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.