Why does the value of session variable remain even after all the code of destruction?

Question

login.aspx

if (IsPostBack == false)
    {
        //destroy any login information
        Session["password"] = "false";
        Session["login"] = "false";
        Session.Abandon();
        Session.RemoveAll();
    }

    if (TextBox2.Text == main_password)
        {//then he is website server admin

            Session["password"] = "password";
            Session["login"] = "true";
            Response.Redirect("~/TABLE.aspx");

        }

table.aspx

    //checking if website server admin
    if ("password" == (string)Session["password"])
    {
        link_logout.Enabled = true;

    }//if ends
    else
    {//not authorized
        Response.Redirect("~/Identify.aspx");
    }//else ends

When I click the logout link

• the login page gets loaded, causing destruction of all the session states.
• the login page confirms to that when I use response.write to view the values of the session variables.
• when I give user name and password and click login, it redirects to table page.
• when I click logout, it redirects to login page and login page destroys info.

Problem

• after the login information destroyed, then i click table link it goes to table page, as says NO NO and redirects to login page.
• BUT if I copy paste the url of the table page, then no matter what I do, it allows me view the page. That is it takes the value of the session variable and evalutes to TRUE, even when the values were destroyed.

I can't use asp.net login functions, my limitations do not allow me to use that control.

Answer 1

You're seeing a cached version of the page in the browser.

If you press Ctrl+F5, it should go away.

Answer 2

Make link_logout a linkbutton, put a onclick to the page, and in the onclick remove the session variables. Then do a server response redirect.