Session problem - DOTNET

Hi,
On the page load event of each page, check for the session variables.
If the session variable is empty, then redirect the page to the login page.

eg)
private void Page_Load(object sender, System.EventArgs e) {

if (Session["User_Id"].ToString().Trim().Equals(string.Empty)){

Response.Redirect("Login.aspx?Msg=Session expired. Please login again.");

}

}



Regards,

R.Balaji





"Stephen" <stephenjobs@hotmail.com> wrote in message
news:u7XNrdqaEHA.2216@TK2MSFTNGP10.phx.gbl...
> HI,
>
> I have created an application that has a logout.aspx page. here I clear
the
> session variables and redirect the user to the login page, but if I dont
> close the brower and hit the "back" button. the user is directed to the
old
> pages.
> How do i avoid this?
>
> Please advice,
> Stephen
>
>

Taking the code from the IBUYSPY portal's admin/logoff.aspx.cs code-behind
private void Page_Load(object sender, System.EventArgs e) {

// Log User Off from Cookie Authentication System

FormsAuthentication.SignOut();


// Invalidate roles token

Response.Cookies["portalroles"].Value = null;

Response.Cookies["portalroles"].Expires = new System.DateTime(1999, 10, 12);

Response.Cookies["portalroles"].Path = "/";


// Redirect user back to the Portal Home Page

Response.Redirect(Request.ApplicationPath);

}

Key points:

1.. logout
2.. invalidate the authentication cookie(s) and session variables
3.. and redirect to a page to prevent the back button from going to a previous page
This wil not prevent someone to navigate to a cached page in their history, so check for authentication on each page where it is necessary
"Stephen" <stephenjobs@hotmail.com> wrote in message news:u7XNrdqaEHA.2216@TK2MSFTNGP10.phx.gbl...

> HI,
>
> I have created an application that has a logout.aspx page. here I clear the
> session variables and redirect the user to the login page, but if I dont
> close the brower and hit the "back" button. the user is directed to the old
> pages.
> How do i avoid this?
>
> Please advice,
> Stephen
>
>