Sending values from one page to another using sessions

Question

I am sending values from send page to receive page using sessions, its working fine but the problem is I remember the URL and i directly run receive page its shows previous information but it's invalid is it....?

If end user directly visit receive page i need to restrict or give some message something like that

How can i overcome this problem..............

This is my code

send.aspx.cs

protected void gv_rowcommand(object sender, GridViewCommandEventArgs e)
{
    if (e.CommandName == "Select")
    {
        GridViewRow grow = (GridViewRow)(((LinkButton)e.CommandSource)).NamingContainer;

        Session["c"] = grow.Cells[0].Text;
        Session["s"] = grow.Cells[1].Text;
        Session["e"] = grow.Cells[2].Text;
        Session["t"] = grow.Cells[3].Text;
        Session["a"] = grow.Cells[4].Text;
        Response.Redirect("confirmation.aspx");

    }   
}

confirmation.aspx.cs

protected void Page_Load(object sender, EventArgs e)
{
    lblgetcourse.Text = Convert.ToString(Session["c"]);
    lblgetstartdate.Text = Convert.ToString(Session["s"]);
    lblgetenddate.Text = Convert.ToString(Session["e"]);
    lblgettimings.Text = Convert.ToString(Session["t"]);
    lblgetamount.Text = Convert.ToString(Session["a"]);
}

Answer 1

protected void Page_Load(object sender, EventArgs e)
{
    if(Request.UrlReferrer.AbsolutePath == "~/send.aspx")
    {
        lblgetcourse.Text = Convert.ToString(Session["c"]);
        lblgetstartdate.Text = Convert.ToString(Session["s"]);
        lblgetenddate.Text = Convert.ToString(Session["e"]);
        lblgettimings.Text = Convert.ToString(Session["t"]);
        lblgetamount.Text = Convert.ToString(Session["a"]);
    }
    else
    {
        //do something
    }

}

Answer 2

On Confirmation Page, Fetch the Values from Session Variables an display them , then Clear Session variables just like: Session.Clear();

Answer 3

You can check the referrer header :

Request.UrlReferrer

and see where the request comes from.

so your page_load will look like :

protected void Page_Load(object sender, EventArgs e)
{
  if (!Request.UrlReferrer=='...') Response.Redirect("~/login.aspx");
...

Answer 4

Once you have displayed the values on the confirmation page you could remove them from the Session.

Session.Remove("c");
...

This will ensure that the confirmation page will always display fresh values coming from the send.aspx page. You could also check for the presence of those values in the session before displaying them.