I am looking for a solution for user use the browser's back button to navigate to previous page once logged out.
I have a web application build in asp.net and using a custom membership provider for authentication and authorization. Everything works fine except when the user click on the logout link to log out of the application and being redirect to a default cover page, if the use click on the BACK BUTTON on their browser, it will actually go back to where they were before and the data will still show up.
Of course they can't do anything on that page, click on anything link they will be redirect to a login page again. But having those information display is making a lot users confused.
i am just wondering if there is any way i can either clear the browser's history so use can't go BACK, or when they click on the back button and have them redirect to the login page.
thanks
Worrying about the browser history and back button is going to give you headaches and genital warts. There are facilities built in to handle this problem.
Your logout link/button should point to a page containing this code, along with whatever else you want.
[vb.net]
Imports System.Web.Security
Private Sub Page_Load(ByVal sender As System.Object, ByVal e As System.EventArgs) _
Handles MyBase.Load
Session.Abandon()
FormsAuthentication.SignOut()
End Sub
[c#]
using System.Web.Security;
private void Page_Load(object sender, System.EventArgs e)
{
// Put user code to initialize the page here
Session.Abandon();
FormsAuthentication.SignOut();
}
Code comes from this page and is valid but the page is hard on the eyes.
A good Question/Answer regarding backbutton behavior can be found here.
Update:
pursuant to the conversation I am having with Matthew, disabling caching on individual pages that are sensitive or volitile can be done with code such as follows:
Response.Cache.SetExpires(DateTime.UtcNow.AddMinutes(-1));
Response.Cache.SetCacheability(HttpCacheability.NoCache);
Response.Cache.SetNoStore();
I am curious to know if it works for you as it does for me.