能正常登陆,但是注销后,点IE上的后退,却能访问用户登陆后的操作界面。
应该是Session没有清除掉,请问如何写 LoginOut.aspx.cs 的代码
下面是本人抄来的代码Login.aspx.cs的代码using System;
using System.Data;
using System.Configuration;
using System.Collections;
using System.Web;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Web.UI.WebControls.WebParts;
using System.Web.UI.HtmlControls;
using System.Data.OleDb;
using System.Web.Configuration;public partial class Manager_Login : System.Web.UI.Page
{
protected void Page_Load(object sender, EventArgs e)
{ }
protected void submit_Click(object sender, EventArgs e)
{
//获取用户输入信息
string UserName = LoginName.Text.ToString();
string Password = LoginPass.Text.ToString();
//用户数据加密
string strMd5 = System.Web.Security.FormsAuthentication.HashPasswordForStoringInConfigFile(Password, "md5");
//Response.Write(strMd5);
//Response.End();
if (Session["CheckCode"] == null)
{
lblMessage.Text = "系统错误,不能生成验证码";
lblMessage.Visible = true;
return;
}
if (tbxcheckcode.Text == "")
{
lblMessage.Text = "请输入验证码";
lblMessage.Visible = true;
return;
}
if (String.Compare(Session["CheckCode"].ToString(), tbxcheckcode.Text, true) != 0)
{
lblMessage.Text = "验证码错误,请输入正确的验证码。";
lblMessage.Visible = true;
return;
}
//从web.config中引用连接字符串
string settings = Convert.ToString(ConfigurationManager.ConnectionStrings["connStr"]);
//Response.Write(settings);
//Response.End();
//创建数据库连接对象
OleDbConnection myconn = new OleDbConnection(settings);
//打开数据库连接
myconn.Open();
//读取用户信息
string mysql = "select * from [Users] Where UserName=" + "'" + UserName + "'" + " And UserPwd=" + "'" + strMd5 + "'";
//Response.Write(mysql);
//Response.End();
//创建命令对象
OleDbCommand mycmd = new OleDbCommand(mysql, myconn);
//创建适配器并执行命令
OleDbDataReader mydr = mycmd.ExecuteReader();
try
{
if (mydr.Read())
{
string key = LoginName.Text; //用户名文本框设为cache关键字
string uer = Convert.ToString(Cache[key]); //读取cache中用户相应的值
//判断cache中是否有用户的信息,如果没有相关的值,说明用户未登陆
if (uer == null || uer == String.Empty)
{
//定义cache过期时间
TimeSpan SessTimeout = new TimeSpan(0, 0, System.Web.HttpContext.Current.Session.Timeout, 0, 0);
//第一次登陆的时候插入一个用户相关的cache值,
HttpContext.Current.Cache.Insert(key, key, null, DateTime.MaxValue, SessTimeout, System.Web.Caching.CacheItemPriority.NotRemovable, null);
//把用户名写入Session对象
Session["UserName"] = LoginName.Text;
//把用户密码写入Session对象
Session["UserPwd"] = LoginPass.Text;
//把权限编号写入session对象
Session["UserLevel"] = mydr["UserLevel"].ToString();
Response.Redirect("Default.aspx");
}
else
{
//重复登陆
Response.Write("");
}
}
else
{
//显示错误信息
lblMessage.Visible = true;
lblMessage.Text = "用户名或密码错误";
}
}
finally
{
//关闭操作
mydr.Close();
myconn.Close();
}
}}
LoginOut.aspx.cs的代码using System;
using System.Data;
using System.Configuration;
using System.Collections;
using System.Web;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Web.UI.WebControls.WebParts;
using System.Web.UI.HtmlControls;public partial class LoginOut : System.Web.UI.Page
{
protected void Page_Load(object sender, EventArgs e)
{
//移除身份认证凭据
FormsAuthentication.SignOut();
//重定向到主页
this.Page.Response.Redirect("Login.aspx");
Session["UserName"] = "";
Session["UserPwd"] = "";
Session["UserLevel"] = ""; }
}
应该是Session没有清除掉,请问如何写 LoginOut.aspx.cs 的代码
下面是本人抄来的代码Login.aspx.cs的代码using System;
using System.Data;
using System.Configuration;
using System.Collections;
using System.Web;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Web.UI.WebControls.WebParts;
using System.Web.UI.HtmlControls;
using System.Data.OleDb;
using System.Web.Configuration;public partial class Manager_Login : System.Web.UI.Page
{
protected void Page_Load(object sender, EventArgs e)
{ }
protected void submit_Click(object sender, EventArgs e)
{
//获取用户输入信息
string UserName = LoginName.Text.ToString();
string Password = LoginPass.Text.ToString();
//用户数据加密
string strMd5 = System.Web.Security.FormsAuthentication.HashPasswordForStoringInConfigFile(Password, "md5");
//Response.Write(strMd5);
//Response.End();
if (Session["CheckCode"] == null)
{
lblMessage.Text = "系统错误,不能生成验证码";
lblMessage.Visible = true;
return;
}
if (tbxcheckcode.Text == "")
{
lblMessage.Text = "请输入验证码";
lblMessage.Visible = true;
return;
}
if (String.Compare(Session["CheckCode"].ToString(), tbxcheckcode.Text, true) != 0)
{
lblMessage.Text = "验证码错误,请输入正确的验证码。";
lblMessage.Visible = true;
return;
}
//从web.config中引用连接字符串
string settings = Convert.ToString(ConfigurationManager.ConnectionStrings["connStr"]);
//Response.Write(settings);
//Response.End();
//创建数据库连接对象
OleDbConnection myconn = new OleDbConnection(settings);
//打开数据库连接
myconn.Open();
//读取用户信息
string mysql = "select * from [Users] Where UserName=" + "'" + UserName + "'" + " And UserPwd=" + "'" + strMd5 + "'";
//Response.Write(mysql);
//Response.End();
//创建命令对象
OleDbCommand mycmd = new OleDbCommand(mysql, myconn);
//创建适配器并执行命令
OleDbDataReader mydr = mycmd.ExecuteReader();
try
{
if (mydr.Read())
{
string key = LoginName.Text; //用户名文本框设为cache关键字
string uer = Convert.ToString(Cache[key]); //读取cache中用户相应的值
//判断cache中是否有用户的信息,如果没有相关的值,说明用户未登陆
if (uer == null || uer == String.Empty)
{
//定义cache过期时间
TimeSpan SessTimeout = new TimeSpan(0, 0, System.Web.HttpContext.Current.Session.Timeout, 0, 0);
//第一次登陆的时候插入一个用户相关的cache值,
HttpContext.Current.Cache.Insert(key, key, null, DateTime.MaxValue, SessTimeout, System.Web.Caching.CacheItemPriority.NotRemovable, null);
//把用户名写入Session对象
Session["UserName"] = LoginName.Text;
//把用户密码写入Session对象
Session["UserPwd"] = LoginPass.Text;
//把权限编号写入session对象
Session["UserLevel"] = mydr["UserLevel"].ToString();
Response.Redirect("Default.aspx");
}
else
{
//重复登陆
Response.Write("");
}
}
else
{
//显示错误信息
lblMessage.Visible = true;
lblMessage.Text = "用户名或密码错误";
}
}
finally
{
//关闭操作
mydr.Close();
myconn.Close();
}
}}
LoginOut.aspx.cs的代码using System;
using System.Data;
using System.Configuration;
using System.Collections;
using System.Web;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Web.UI.WebControls.WebParts;
using System.Web.UI.HtmlControls;public partial class LoginOut : System.Web.UI.Page
{
protected void Page_Load(object sender, EventArgs e)
{
//移除身份认证凭据
FormsAuthentication.SignOut();
//重定向到主页
this.Page.Response.Redirect("Login.aspx");
Session["UserName"] = "";
Session["UserPwd"] = "";
Session["UserLevel"] = ""; }
}
这句话的相对处理好像没有哦.....
或则写一个PageBase类(继承System.Web.UI.Page),重载Page_Load,来判断Session值是否存在,然后那些需要验证用户登录状态的页面继承PageBase.
你那个是有缓存存在的原因:
在母板页的pageload中添加代码 Response.Expires = 0;
Response.Buffer = true;
Response.ExpiresAbsolute = DateTime.Now.AddSeconds(-1);
Response.AddHeader("pragma", "no-cache");
Response.CacheControl = "no-cache";
{
protected void Page_Load(object sender, EventArgs e)
{
//移除身份认证凭据
FormsAuthentication.SignOut();
//重定向到主页
this.Page.Response.Redirect("Login.aspx");
Session["UserName"] = "";
Session["UserPwd"] = "";
Session["UserLevel"] = ""; }
}把
Session["UserName"] = "";
Session["UserPwd"] = "";
Session["UserLevel"] = "";
移到this.Page.Response.Redirect("Login.aspx");
前面啊,先清除SESSION 再重定向
Session.Clear();
Session.Abandon();
或者在Page_Load事件中判断session
string mysql = "select * from [Users] Where UserName=" + "'" + UserName + "'" + " And UserPwd=" + "'" + strMd5 + "'";
Response.Buffer = true;
Response.ExpiresAbsolute = DateTime.Now.AddSeconds(-1);
Response.AddHeader("pragma", "no-cache");
Response.CacheControl = "no-cache";
然后在Default.aspx中改成下面这样,不能返回了
<A HREF="LoginOut.aspx" onclick="javascript:location.replace(this.href); event.returnValue=false; ">退出系统</A>后退键没有用了结贴吧,谢谢