0
我有3个用户并且为他们提供了登录页面。当用户登录时,用户将被引导至他们所关注的页面。但是,当用户点击浏览器的后退按钮时,他们不应该被允许访问页面,而不必再次提供登录凭证。 LoginPage.cs当点击后退按钮时阻止用户访问页面
protected void bLogin_Click(object sender, EventArgs e)
{
datatable = methodobj.getData("select regd_no, pword,user_type from stu_info where regd_no='" + tbUName.Text + "'and pword='" + tbPword.Text + "' ");
if (datatable.Rows.Count >= 1)
{
if (string.Compare(Convert.ToString(datatable.Rows[0][0]), tbUName.Text, false) == 0 &&
string.Compare(Convert.ToString(datatable.Rows[0][1]), tbPword.Text, false) == 0)
{
Session["loginstatus"] = true;
if (datatable.Rows[0]["user_type"].ToString() == "admin")
{
Session["regd_no"] = Convert.ToString(updtkitable.Rows[0]["regd_no"]);
Response.Redirect("~/aHome.aspx");
}
if (datatable.Rows[0]["user_type"].ToString() == "students")
{
Session["regd_no"] = Convert.ToString(updtkitable.Rows[0]["regd_no"]);
Response.Redirect("~/RandomPassword.aspx");
}
if (datatable.Rows[0]["user_type"].ToString() == "teacher")
{
Session["regd_no"] = Convert.ToString(updtkitable.Rows[0]["regd_no"]);
Response.Redirect("~/subMark.aspx");
}
}
else
{
lbStatus.Text = "**Login fail. Incorrect UserId or Password.";
}
}
else
{
lbStatus.Text = "**Login fail. Incorrect UserId or Password.";
}
}
AdminMasterPage.cs
protected void Page_Load(object sender, EventArgs e)
{
Response.Cache.SetNoStore();
if (Session["loginstatus"] == null)
{
Response.Redirect("~/login.aspx");
}
else if (!Convert.ToBoolean(Session["loginstatus"]))
{
Response.Redirect("~/login.aspx");
}
else if (Session["user_type"] != "admin")
{
Response.Redirect("~/login.aspx");
}
如果您想要阻止用户在不登录的情况下访问特定页面,则不应存储会话。对? – user1477388