Welcome to the new platform of Programmers Heaven! We apologize for the inconvenience caused, if you visited us from a broken link of the previous version. The main reason to move to a new platform is to provide more effective and collaborative experience to you all. Please feel free to experience the new platform and use it's exciting features. Contact us for any issue that you need to get clarified. We are more than happy to help you.
I wrote a membership system with ASP. The system is simple. When user loggs in with the correct username and password, I assign the username to a session variable. And after when user navigates through the pages of members area I use the session variable to identify the user. And when the user loggs out, I abandon the session.
But I got a problem on this system. I wrote the problem step by step:
1) User loggs in to the system.
2) User closes the browser window without logout.
3) User openes a blank browser.
4) User directly enters the path of the members area.
5) USER IS IN!
How can I fix this problem. The user can bypass the login page. How can I prevent this. Or can you send some examples which doesnt have this bug.
Note: If user tries this steps after logout he/she couldnt get in. The bug occours if he/she doesnt use logout.