how to create login and logout?

think you use seesion variable in your appliaction hence when you click on back page loged in again same problem there is in yahoo
as per me use coockies and expire it on click of logout dangerours but simple way according to me

can u explain to me further..

you can solve this problem using state managment or database.
When you login store your username in cokkies and when you logout that time cler your cokkies. and on page postback check whether the Cokkies have username. If cookies dose not have any username then redirect User to login page or MasterHOme page.

or otherwise create a column like avil in database when you login that time make that column for that user true and when you logout make that column for that user False when he back then on post page chak wheter that column for that user is True. if false then redirct user to As per i told you.
but the better is use State Manegment.:) it qite simple and database like landdy.:p
try both method is working on my computer.:)

Kayfar;

Please post your login/logout code here (minus any password sensitive information if present in your code) so that we can see the process you're using to maintain your login session.

Depending on your session management method we may be better able to suggest the best possible method for ending the session so that if someone uses the "back" button the expired session means that they would be forced to log in again.

write this line on every master page of your application

Response.CacheControl = "no-cache"

this will dissallow your browser to cache your last page and hence wor as you desire reply after applying and if work for you please mark it as solved

Best way to do it Store user details in session when login and with logout clear session data, On every page load event check user credential then only proceed else redirect it to login page.....:icon_idea:

dear mono_jit23 your post will not work becouse whene u click BACK button of browser it fetch page from browser cache not go to server so for this time your application willnot able to check creadantioal k for that u have to prevent page cach by browser refer my last post in this thread

your application willnot able to check creadantioal

This is dependant on browser as well as postback properties of the pages. Even if the browser is pulling the page content from it's cache, if the page code requires a check of credentials at page_load it should still technically be performing this check whether it's cached or live.

This will work.... whether its cached or not.....clearing cache is not a good idea for me as it could lead to client dissatisfaction.

When Logout you this page in logout page load event

Session["Id"] = null;
        Session["Status"] = null;
        Session.Abandon();

when login store the values in session again and in every pageo load event
check

if (Convert.ToString(Session["Id"]) != "")
        {
          Your working code goes here
        }
        else
        {
         code to Redirect to your login page
        }

Hope this will solve your problem......:)

mono_jit23 will u please post your working code for my refrance if wann u can frwd your appln on my Email id <EMAIL NIPPED>
thank you

Working code means, if u need to check any other conditions in load event rather than the user credential.....that goes there....

if (Convert.ToString(Session["Id"]) == "")
      {
        response.redirect("Login.aspx");
      }
      else
      {
        //do nothing...
      }

I guess this will clear all the confusions.....:)

do you impilement this idea in your application according to me will not work with back button

Session["Id"] = null;
        Session["Status"] = null;
        Session.Abandon();

where should i put this code?

if (Convert.ToString(Session["Id"]) != "")
        {
          Your working code goes here
        }
        else
        {
         code to Redirect to your login page
        }

and where should i put this one? sorry i'm not good in programming..

u can use this to easy and simple

Response.CacheControl = "no-cache"

write this to all your master pages and on the form load event of forms which are not derived from any master form

reason why this happen:-
whene u click BACK button of browser it fetch page from browser cache not go to server so for this time your application willnot able to check creadantioal k for that u have to prevent page cach by browser

how to search by condition means dont understand elaborate you dout please and show your code

i only provide search through serial no..can i do search by other such as staffname,staffid or etc? did u understand my question?

yub you wanna search by multiple parameters wright will help but will take time 1 or 2 days becouse have lots of work here so you try your own if not don will help u ok

i've search many sources but still can't solve my problem..

create procedure getsearchresult
@firstname varchar(50)='',@lastname varchar(50)='',@midname varchar(50)=''
as begin
select * from tablename(if require use joints)
where 
( @firstname='' or colname like'%'+@firstname+'%') and
( @lastname='' or colname like'%'+@lastname+'%') and
( @midname='' or colname like'%'+@midname+'%') 
end

use this query for your search button edit according to youe table and col name and if you working with vb.net then replace + with & try it if u have to search based on 3 parameters and you passed only 2 parameters and leave one blank then it will give you result on passed 2 parameteres

i'm using MS Access..this code is for SQL db?

sorry bro dont have quiring knowladge in ms office this is logic try your own to convert it in access use google

i've a problem here where when i logout i still can click back..can anyone solve my problem?

hi there

You can use this logic in master page page_Load event

Private Sub IsUserAuthenticated()
        If Me.Context.User.Identity.IsAuthenticated = False Then
            Response.Redirect("~/Login.aspx")
        End If
    End Sub

When the user press browsers back button and try to perform any action, the master page load event will fire and checks if the user is isauthenticated i.e logged-in, if not then it will redirect to the login page. This logic works with me.

Mark as solved if it helps you!!!

i'm using C# not vb..can u show me code for login and logout?

Not to be too blunt but... the code for the vb version is not that hard to 'translate' to a C# equivalent format...

For instance:

Private Sub IsUserAuthenticated()

Translates to:

private void IsUserAuthenticated()

And...

Response.Redirect("~/Login.aspx")

Is the same in both languages.

And what do you know, a quick google search focused on the msdn.microsoft.com website reveals that you can use the User.Identity.IsAuthenticated method in the following way:

if (User.Identity.IsAuthenticated)
    {
        Page.Title = "Home page for " + User.Identity.Name;
    }
    else
    {
        Page.Title = "Home page for guest user.";
    }

However, now that I've done the work for you I guess there's no need for you to do any research yourself :twisted:

Hope this helps :) Please remember to mark solved once your issue is resolved.

asp.net/learn/security/

i'll try your link..i hope that can solve my problem..:)