secretsound
New Member
I am working on an application in ASP.NET with c# and MSSQL DB. I am using a simple logic that if the session variables contain appropriate values then a page should open otherwise it should redirect to the login page. This is the code thats working.\[code\]protected void Page_Load(object sender, EventArgs e) { if(Session["loggedinloginid"]==null || Session["loggedinpassword"]==null) Response.Redirect("login.aspx"); con.ConnectionString = ConfigurationManager.ConnectionStrings["familyConnectionString"].ConnectionString; con.Open(); adp = new SqlDataAdapter("select * from admins where loginid=N'" + Session["loggedinloginid"].ToString() + "' AND password=N'" + Session["loggedinpassword"].ToString() + "'", con); dt = new DataTable(); adp.Fill(dt); if (dt.Rows.Count == 0) Response.Redirect("login.aspx"); LinkButton lb=(LinkButton)(Master.FindControl("LinkButton1")); lb.Text = "Welcome " + Session["loggedinloginid"].ToString()+"| Log Out |"; lb.Click += new EventHandler(lb_Click); } void lb_Click(object sender, EventArgs e) { Session.Clear(); Response.RedirectPermanent("WebForm2.aspx"); //throw new NotImplementedException(); }\[/code\]The problem is that when I log out and clear the session and type the URL of the page in the browser that I want to protect (the page with this code), it opens! Why and how can I avoid this?