0

I have a login form with two boxes and a button. On button click I validate the user using a SQL database, store the ID in session and set up FormsAuthentication for later use. On the logout button I redirect them to logout.aspx, where I destroy the session and redirect to the login page:

 Session.Abandon();
 FormsAuthentication.SignOut();

Now, after logout, if I go back using the browser back button, I can still see my previous page, but if I refresh I get "Object reference not set to an instance of an object".

protected void Page_Load(object sender, EventArgs e)
{
    string id = Session["ID"].ToString();
}

What is the best workaround for this, to send the user back to login if this happens?

Zaki

2 Answers

5

Note: I suggest you use

if(Session["ID"] != null)
{

}

But I also suggest you use this configuration

<system.web>
  <authentication mode="Forms">
    <forms loginUrl="Login.aspx"
           defaultUrl="default.aspx" />
  </authentication>
</system.web>

Your logout link/button should point to a page containing this code, along with whatever else you want.

private void Page_Load(object sender, System.EventArgs e)
{
    // Put user code to initialize the page here
    Session.Abandon();
    FormsAuthentication.SignOut();
}

Note: sequence diagram


Aghilas Yakoub
1

You should first check if Session["ID"] != null; otherwise the user is not authenticated.

But if you use FormsAuthentication, you can also use User.Identity.IsAuthenticated.

David
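
The checks suggested in both answers, combined into one protected-page code-behind; this is an added example, not code from the original posts. The class name `ProtectedPage` is hypothetical, `Session["ID"]` is the key from the question, and the login URL is assumed to be the `loginUrl` configured in web.config. It goes slightly beyond the answers by also sending no-cache headers, which addresses the back-button view of the old page described in the question.

```csharp
using System;
using System.Web;
using System.Web.Security;
using System.Web.UI;

// Hypothetical code-behind for any page that requires a logged-in user.
public partial class ProtectedPage : Page
{
    protected void Page_Load(object sender, EventArgs e)
    {
        // Ask the browser not to keep a copy of this page, so that pressing
        // "back" after logout issues a new request instead of redisplaying
        // the previously rendered content.
        Response.Cache.SetCacheability(HttpCacheability.NoCache);
        Response.Cache.SetNoStore();

        // The forms ticket and the session expire independently, so require
        // both. After Session.Abandon() on logout.aspx, Session["ID"] is null,
        // which is why Session["ID"].ToString() threw on refresh.
        object id = Session["ID"];
        if (!User.Identity.IsAuthenticated || id == null)
        {
            // Drop any ticket that outlived the session.
            FormsAuthentication.SignOut();

            // endResponse: true stops page processing here, so none of the
            // protected markup is rendered into the body of the redirect.
            Response.Redirect(FormsAuthentication.LoginUrl, true);
            return;
        }

        string userId = id.ToString();
        // ... load the page data for userId ...
    }
}
```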