开发者

how to implement user sessions in asp.net c#

开发者 https://www.devze.com 2023-01-25 10:35 出处:网络
hi let me explain the scenario. I am developing an application for Online Examination. Once a user logs into the system, he is allowed to start a Test; on clicking start test button the user is redir

hi let me explain the scenario.

I am developing an application for Online Examination. Once a user logs into the system, he is allowed to start a Test; on clicking start test button the user is redirected to the questions page. No开发者_运维问答w when the user clicks and confirms ending of the test by a button click then he is redirected to the results page.

Now what I want here is that when the results page is being displayed the user should automatically be logged out of the system and should not be able to go back to the previous pages by pressing the browser's back button.

The problem which I am facing right now is that when the results page is displayed anyone can press the back button and continue the test and manipulate the result. How can I stop this. Need a detailed solution to it.


You will need to disable caching of the pages. When you press the back button, the browser will use the cached version of the page. If you disable caching, when the browser actions the back mechanism, it will determine that the page needs to be fetched again, processing the page with a state where the user is no longer logged in.


Store a session variable like currentQ that holds the ID of the latest question answered. If the user tries to answer a previously answered question, do not accept the answer and instead redirect him to the proper page.

This will also prevent him from using the Back button when he is in the middle of the examination.


You should store the logged-in user in a session or a cookie. The results page should always check the cookie or session if the user is logged in. If not the results page will display some feedback message.


The best way you can do is Either use a master page or place a user control on every page. The MasterPage/UserControl should check for the current session(whether the user is logged in or not). If the Session is available then it should continue, else it should move to login screen. At the result page, you can clear the session value.

Now if a users press the Back button at Results Page, The Page( masterpage or usercontrol) willn't find the session and will redirect the page to Login page.

I hope this will help you.

0

精彩评论

暂无评论...
验证码 换一张
取 消