ASP Membership

Hi,
I wrote a membership system with ASP. The system is simple. When the user logs in with the correct username and password, I assign the username to a session variable. After that, when the user navigates through the pages of the members area, I use the session variable to identify the user. And when the user logs out, I abandon the session.

But I have a problem with this system. I wrote out the problem step by step:

1) User logs in to the system.
2) User closes the browser window without logging out.
3) User opens a blank browser.
4) User directly enters the path of the members area.
5) USER IS IN!

How can I fix this problem? The user can bypass the login page. How can I prevent this? Or can you send some examples which don't have this bug?

Note: If the user tries these steps after logout, he/she can't get in. The bug occurs if he/she doesn't use logout.

Thanks...

Comments

  • bagles1 Posts: 54 Member
    The problem with this method is that the Sessions only end by one of two means. When the session expires, default is 20 mins., or when you "abandon" the session. Obviously neither one of these is taking effect and hence your dilemma. As you do bigger sites, one that might span across several web servers, you will find that the session object is used less and less. One work around for this would be to use a database to track the user for each "session", you could probably find something on this method on www.4guysfromrolla.com or at www.15seconds.com as it is a pretty lengthy discussion. I wish I had a better answer for you but unfortunately using sessions is not all it is made out to be and if you choose to use them then there are pros and cons that have to be weighed on what is your best option. One final thing to note is that you could just lower the timeout for the session but if a user sits idle for longer than your timeout... "reading your content" then they will have to log back in. This could become really annoying to the user. I hope this helps, unfortunately it is probably not the answer you were looking for.

    -Bagles1
  • jeffy_khor Posts: 163 Member
    I have been searching for sessions on this message board, and I agree with Bagles1 about the limitations of sessions. Can bagles1 explain more about using the database to replace the session, or how the replacement works as a concept? Please also explain, if possible, how to mark a user as logged out if he didn't log out but just quit the browser. Thank you in advance. I have found those web sites, but I don't know what keyword to search with. Could you help us? Thank you.




    : The problem with this method is that the Sessions only end by one of two means. When the session expires, default is 20 mins., or when you "abandon" the session. Obviously neither one of these is taking effect and hence your dilemma. As you do bigger sites, one that might span across several web servers, you will find that the session object is used less and less. One work around for this would be to use a database to track the user for each "session", you could probably find something on this method on www.4guysfromrolla.com or at www.15seconds.com as it is a pretty lengthy discussion. I wish I had a better answer for you but unfortunately using sessions is not all it is made out to be and if you choose to use them then there are pros and cons that have to be weighed on what is your best option. One final thing to note is that you could just lower the timeout for the session but if a user sits idle for longer than your timeout... "reading your content" then they will have to log back in. This could become really annoying to the user. I hope this helps, unfortunately it is probably not the answer you were looking for.
    :
    : -Bagles1
    :
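
Added example, not part of any post in this thread: a sketch of the database-tracked session that bagles1 suggests and jeffy_khor asks about, written in Python with SQLite rather than ASP so that it runs as is. The table layout, the function names and the 20-minute idle limit used here are assumptions for illustration.

```python
import hashlib
import secrets
import sqlite3

IDLE_TIMEOUT = 20 * 60  # seconds; assumed, mirrors the 20-minute default in the thread


def open_store(path=":memory:"):
    """Create the (hypothetical) sessions table if it does not exist yet."""
    db = sqlite3.connect(path)
    db.execute("CREATE TABLE IF NOT EXISTS sessions ("
               "token_hash TEXT PRIMARY KEY, username TEXT NOT NULL, last_seen REAL NOT NULL)")
    return db


def _hash(token):
    # Store only a hash, so a leaked table does not expose usable tokens.
    return hashlib.sha256(token.encode()).hexdigest()


def login(db, username, now):
    """Call only after the password check succeeded; returns the cookie value."""
    token = secrets.token_urlsafe(32)  # unguessable, unlike a username
    db.execute("INSERT INTO sessions VALUES (?, ?, ?)", (_hash(token), username, now))
    db.commit()
    return token


def current_user(db, token, now):
    """Run at the top of every members-area page; returns the username or None."""
    if not token:
        return None  # no cookie at all: straight back to the login page
    row = db.execute("SELECT username, last_seen FROM sessions WHERE token_hash = ?",
                     (_hash(token),)).fetchone()
    if row is None:
        return None  # unknown token, or the user already logged out
    username, last_seen = row
    if now - last_seen > IDLE_TIMEOUT:
        logout(db, token)  # idle too long: delete the row so it cannot be revived
        return None
    db.execute("UPDATE sessions SET last_seen = ? WHERE token_hash = ?", (now, _hash(token)))
    db.commit()
    return username


def logout(db, token):
    """Explicit logout, also used to expire idle sessions."""
    db.execute("DELETE FROM sessions WHERE token_hash = ?", (_hash(token),))
    db.commit()
```

Because every members-area page calls `current_user`, a request that arrives without a valid, unexpired token is treated as not logged in, and a user who closes the browser without logging out is logged out on the server once the idle limit passes.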
