我想知道如何使用ASP.NET从C#中的会话中注销用户。我正在使用SQL Server来检索用户登录时的名称,(下面的第二段代码) 这里的正下方是我的aspx页面上的登录按钮的代码
protected void btnLogin_Click(object sender, EventArgs e)
{
string email = txtEmail.Text;
string password = txtPassword.Text;//AQUIRE EMAIL AND PASSWORD AND ADD TO STRINGS
SqlDataReader dataread = null;
SQLconn.Open();
SqlCommand chkLogin = new SqlCommand("SELECT * FROM Member WHERE Email='" + email + "' AND Password='" + password + "'", SQLconn);
dataread = chkLogin.ExecuteReader();
SqlCommand nameAdd = new SqlCommand("SELECT Name FROM Member WHERE Email='" + email + "'", SQLconn);
if (dataread.Read())
{
Response.Write("You are logged in");
Session.Add("userID", dataread[0].ToString());
Session.Add("userFName", dataread[1].ToString());
Session.Add("userEmail", dataread[3].ToString());
Response.Redirect("~/Profiles.aspx");
}
else
{
Response.Write("Please try again. Usernames and Passwords do not match.");
}
SQLconn.Close();
}
登录后,他们会被重定向到另一个页面。这是该页面背后的代码
if (Session.Count > 0)
{
if (Session.Count > 0)
{
string name = (string)Session["userFName"];
txtGreeting.Visible = true;
txtGreeting.Text = "Welcome " + name + " , you are logged in! ";
}
}
答案 0 :(得分:0)
你可以使用 Session.Clear();用户单击“注销”按钮时的方法(如果有)。
关于你的这个方法
if (Session.Count > 0)
{
if (Session["username"] != null)
{
string name = (string)Session["userFName"];
txtGreeting.Visible = true;
txtGreeting.Text = "Welcome " + name + " , you are logged in! ";
}
else{
Response.Redirect(Logout.aspx);
}
}
再添加一个条件来检查Session是否有东西。
答案 1 :(得分:-1)
您使用会话进行登录/退出的方式不正确,但如果您只是在单击注销时尝试删除用户,请执行以下操作:
Session["userFName"] = null; //the other session vars related to user as well
建议:至少查看表单身份验证或可能是令牌身份验证。会话可能被劫持,您正在打开应用程序进行攻击。