问题
login.aspx
if (IsPostBack == false)
{
//destroy any login information
Session["password"] = "false";
Session["login"] = "false";
Session.Abandon();
Session.RemoveAll();
}
if (TextBox2.Text == main_password)
{//then he is website server admin
Session["password"] = "password";
Session["login"] = "true";
Response.Redirect("~/TABLE.aspx");
}
table.aspx
//checking if website server admin
if ("password" == (string)Session["password"])
{
link_logout.Enabled = true;
}//if ends
else
{//not authorized
Response.Redirect("~/Identify.aspx");
}//else ends
When I click the logout link
- the login page gets loaded, causing destruction of all the session states.
- the login page confirms to that when I use
response.write
to view the values of the session variables. - when I give user name and password and click login, it redirects to table page.
- when I click logout, it redirects to login page and login page destroys info.
Problem
- after the login information destroyed, then i click table link it goes to table page, as says NO NO and redirects to login page.
- BUT if I copy paste the url of the table page, then no matter what I do, it allows me view the page. That is it takes the value of the session variable and evalutes to TRUE, even when the values were destroyed.
I can't use asp.net login functions, my limitations do not allow me to use that control.
回答1:
You're seeing a cached version of the page in the browser.
If you press Ctrl+F5, it should go away.
回答2:
Make link_logout a linkbutton, put a onclick to the page, and in the onclick remove the session variables. Then do a server response redirect.
来源:https://stackoverflow.com/questions/4176108/why-does-the-value-of-session-variable-remain-even-after-all-the-code-of-destruc