I want to place a logout link that directs the user back to the login page. My link looks like this:

<a href="login.asp?action=logout">Logout</a>

My login page has a username/password field and then submits to a check_user page. I am using session cookies to track permission. On my login page, I put the following code at the top to clear the sessions:

<%
If Request.QueryString("action") = "logout" Then
Session.Abandon()
End If
%>

But, this is not working. If I try to login, it takes me to my unauthorized page, as if I am trying to login twice.

Can someone please help?

Thanks!

I believe that if the user enters the correct username/password, it is just settin the variable Session("blnIsUserGood") to true. I didn't write the script, but that's all it appears to be doing.

I have this at the top of my login page:

<%
If Request.QueryString("action") = "logout" Then
Session("blnIsUserGood") = False
End If
%>

but If I click the logout link, it takes me to the login page, but when I try to login it still takes me to the unauthorized page??

here is the page the login page submits to to check authenticity. I have tried messing around with this page, but I can't get it to work.

<%
'Dimension variables
Dim adoCon 'Database Connection Variable
Dim strCon 'Holds the Database driver and the path and name of the database
Dim rsCheckUser 'Database Recordset Variable
Dim strAccessDB 'Holds the Access Database Name
Dim strSQL 'Database query sring
Dim strUserName 'Holds the user name
Dim opt 'option user selected
Dim memberid 'member id for update/delete

'Initalise the strUserName variable
strUserName = Request.Form("txtUserName")
opt = Request.Form("opt")

'Check the database to see if user exsits and read in there password
'Initialise the strAccessDB variable with the name of the Access Database
strAccessDB = "users"

'Create a connection odject
Set adoCon = Server.CreateObject("ADODB.Connection")

'Database connection info and driver
strCon = "DRIVER={Microsoft Access Driver (*.mdb)};uid=;pwd=letmein; DBQ=" & Server.MapPath(strAccessDB)

'Set an active connection to the Connection object
adoCon.Open strCon

'Create a recordset object
Set rsCheckUser = Server.CreateObject("ADODB.Recordset")

'Initalise the strSQL variable with an SQL statement to query the database
strSQL = "SELECT tblUsers.Password FROM tblUsers WHERE tblUsers.UserID ='" & strUserName & "'"

'Query the database
rsCheckUser.Open strSQL, strCon

'If the recordset finds a record for the username entered then read in the password for the user
If NOT rsCheckUser.EOF Then

'Read in the password for the user from the database
If (Request.Form("txtUserPass")) = rsCheckUser("Password") Then

'If the password is correct then set the session variable to True
Session("blnIsUserGood") = True

'Close Objects before redirecting
Set adoCon = Nothing
Set strCon = Nothing
Set rsCheckUser = Nothing

'Redirect to the authorised user page and send the users name
if (opt = "add") then
Response.Redirect"add_new_members.asp?name=" & strUserName
end if
if (opt = "update") then
Response.Redirect "update.asp?name=" & server.URlencode(strUserName) & "&memberid=" & Request.Form("memberid")
End if
if (opt = "delete") then
Response.Redirect "delete.asp?name=" & server.URLencode(strUserName) & "&memberid=" & Request.Form("memberid")
End if
if (opt = "enter") then
Response.Redirect "index.asp?name=" & server.URLencode(strUserName)
End if

End If
End If

'Close Objects
Set adoCon = Nothing
Set strCon = Nothing
Set rsCheckUser = Nothing

'If the script is still running then the user must not be authorised
Session("blnIsUserGood") = False

'Redirect to the unautorised user page
Response.Redirect"unauthorised_user_page.asp"


%>

So then, I don't understand if I have a logout link the links to the login page, and I try to login again, it doesn't work??

i think the missunderstanding of a session is your problem.
you abandon the session then you hit a page in the site, this starts another session. The session ends when you leave the site. Normally login in and login out is controlled using cookies. Set a memory only cookie when a user logins in would allow the user to navigate your site loged in for this session only. You can use a permanent cookie if you want to remember that the user is logged in for multiple visits. If you want the user to be able to logout when they click the link set the cookie expire day to sometime in the past. On all the pages that you want secure retrieve the cookie, if one is there then display the pages if it is not there then don't display page and redirect to login page.

Hope this helps

if my logout link looks like this:

http://www.server.com/members/login.asp?action=logout

and at the top of my login page I have:

If Request.QueryString("action") = "logout" Then
Session("blnIsUserGood") = False
End If

Why wouldnt this work?