Friday, April 8, 2011

how to disable back button in browser when user logout in asp.net c#

Our problem is we are able to clear session on logout. But if user click the back button then he/she can go through all previous. But the advantage is that on a single click on any of of such previously surf page bring user to login page back ,we had done that.But our requirement is we should no allow user to go through the previously surf page.Please reply fast.

From stackoverflow

  • You could go Outlook Web Access style, and simply have JavaScript close the current window/tab.

    Also, you can make sure that your "logout" page is a postback. That will force the user on a Back button in most browsers to retry the postback, at which point you can detect that they are no longer logged in and can redirect them back to the login page.

    Edit: Someone else mentioned a Response.Redirect. You could actually make your "logout" link go to a page that does a redirect, and ALWAYS redirect to a second "landing page". If the user clicks "Back", they will land on the redirect again and put them back where they started.

    There's no way to prevent browser history so it's important to use a couple of methods together and don't plan on a user "not going backwards" to ensure your application security.

  • You need to force the cache to expire for this to work. I'm looking for the code sample for you.

    EDIT
    Found this for you, its already been addressed here on SO.

    Page.Response.Cache.SetCacheability(HttpCacheability.NoCache)

    Here...

    routeNpingme : +1 just thought of adding this to my answer but beat me to it!

  • For ASP.NET pages you can use Response.CacheControl to control how a page is stored in a users cache. Other web development languages will utilize something similar.

  • You can't "disable" the back button. There are numerous "tricks" that i've seen that can clear out the back history, but these are unreliable and they don't work from browser to browser, or even version of browser to version of browser.

    As others have said, the correct method is invalidate the cache, along with server side validation that the session is no longer valid if they try to resend data. Also, Response.Redirect works better than a postback, since that causes a get rather than a post.

    Cerebrus : Out of all the given answers, this is the most complete and correct one which directly answers the question. Unfortunately, I have only one vote. ;-)

  • An earlier variation of the same question/answer:

    Is there a way to keep a page from rendering after a person has logged out but hit the "back" button

  • Here is the solution for the problem:

    http://muruganad.com/ASP.NET/ASP-.NET-Disable-Back-Browser-Button.html

Posted by Mu Cat at 11:22 AM

0 comments:

Post a Comment

Subscribe to: Post Comments (Atom)