0

我想知道如何使用 ASP.NET 从 C# 会话中注销用户。我正在使用 SQL Server 来检索用户登录时的用户名,(下面的第二个代码块)下面是我的 aspx 页面中的登录按钮背后的代码

protected void btnLogin_Click(object sender, EventArgs e)
{
        string email = txtEmail.Text;
        string password = txtPassword.Text;//AQUIRE EMAIL AND PASSWORD AND ADD TO STRINGS

        SqlDataReader dataread = null;

        SQLconn.Open();
        SqlCommand chkLogin = new SqlCommand("SELECT * FROM Member WHERE Email='" + email + "' AND Password='" + password + "'", SQLconn);
        dataread = chkLogin.ExecuteReader();
        SqlCommand nameAdd = new SqlCommand("SELECT Name FROM Member WHERE Email='" + email + "'", SQLconn);

        if (dataread.Read())
        {
            Response.Write("You are logged in");

            Session.Add("userID", dataread[0].ToString());
            Session.Add("userFName", dataread[1].ToString());
            Session.Add("userEmail", dataread[3].ToString());

            Response.Redirect("~/Profiles.aspx");
        }
        else
        {
            Response.Write("Please try again. Usernames and Passwords do not match.");
        }
        SQLconn.Close();
    } 

当他们登录时,他们被重定向到另一个页面。这是该页面背后的代码

if (Session.Count > 0)
{
    if (Session.Count > 0)
    {
                string name = (string)Session["userFName"];
                txtGreeting.Visible = true;
                txtGreeting.Text = "Welcome " + name + " , you are logged in! ";
    }
}
4

2 回答 2

0

您可以使用 Session.Clear(); 如果您有用户单击注销按钮时的方法。

在你的这个方法上

if (Session.Count > 0)
{
if (Session["username"] != null)
{
            string name = (string)Session["userFName"];
            txtGreeting.Visible = true;
            txtGreeting.Text = "Welcome " + name + " , you are logged in! ";
}
else{
Response.Redirect(Logout.aspx);
}
}

添加一个条件来检查 Session 是否有东西。

于 2015-07-17T17:21:52.590 回答
-1

您使用会话登录/注销的方式不正确,但如果您只是在单击注销时尝试删除用户,请执行以下操作:

Session["userFName"] = null; //the other session vars related to user as well

建议:至少查看表单身份验证或可能的令牌身份验证。会话可能被劫持,您正在打开您的应用程序以进行攻击。

于 2015-07-17T16:02:59.363 回答