Prevent "Back" Buttom in Browser

Discussion in 'ASP General' started by George, Jul 6, 2005.

  1. George

    George Guest

    I am trying to set up a login-logout website. I have a cookie about the
    login status. I put it as logout once the logout link is clicked. And
    I put a little security check about the status of the cookie variable
    everytime before loading the detailed member profiling.

    The page layout is like:

    Login page,-->check the login name/password database-->profile page(only
    login cookie is true, redirect back to login if false)

    Logout link, set login cookie as false and redirect to the login page.


    However, after I check a profile and then click logout, I can still get
    back to profile page by click "back" button in browser. I was told
    those are in the browser cache and the check of the "login" cookie does
    not actually work in this situation.

    Is there anyway to force the browser to clear the cache after I click
    the "logout". It should be possible since lots of websites do that. I
    just do not how to. Any help is highly appreciated!
    George, Jul 6, 2005
    #1
    1. Advertising

  2. Make sure the page isn't cached:
    http://www.aspfaq.com/2022
    http://msdn.microsoft.com/library/en-us/dnwebteam/html/webteam07032000.asp

    Also, you can use a client-side redirect (e.g.
    window.location.replace('newUrl.asp');) to prevent the current page from
    being in the history.

    If the page isn't cached and the session value is re-checked, after you've
    issued a session.abandon() they shouldn't be able to see the secure content
    again without logging in.





    > However, after I check a profile and then click logout, I can still get
    > back to profile page by click "back" button in browser.
    Aaron Bertrand [SQL Server MVP], Jul 6, 2005
    #2
    1. Advertising

  3. Aaron Bertrand [SQL Server MVP], Jul 6, 2005
    #3
  4. George

    George Guest

    Thank you. I will try tomorrow and let you know if I fail.

    Aaron Bertrand [SQL Server MVP] wrote:
    > Also see http://www.aspfaq.com/2017
    >
    >
    >
    >
    >
    >
    >>Is there anyway to force the browser to clear the cache after I click
    >>the "logout".

    >
    >
    >
    George, Jul 6, 2005
    #4
  5. George

    Carroll Guest

    I tried your code in a couple of test pages... and I could not get this to
    work. Test.asp had a link to Test_2.asp and if I had the <% noCache %>
    included on the second page in the head it would give me a page error. Also
    if I did not include the <% noCache %> on the second page I could still
    click the back button and the page would open....

    --


    Regards,

    Carroll


    "Duane Jackson" <> wrote in message
    news:42cbabca$0$2903$...
    > Hi George,
    >
    > I use the following function in an include:
    >
    > <%
    > function noCache()
    > response.addheader "Cache-Control", "no-store"
    > response.addheader "Cache-Control", "no-cache"
    > response.addheader "Pragma", "no-cache"
    > response.addheader "Cache-Control", "max-age=0, must-revalidate"
    > response.addheader "Expires", Now-1
    > end function
    > %>
    >
    > and then at the top of any page I don't want cached I simply put <%

    noCache
    > %>
    >
    > hope this helps!
    >
    > Duane
    >
    > "George" <> wrote in message
    > news:...
    > >I am trying to set up a login-logout website. I have a cookie about the
    > >login status. I put it as logout once the logout link is clicked. And I
    > >put a little security check about the status of the cookie variable
    > >everytime before loading the detailed member profiling.
    > >
    > > The page layout is like:
    > >
    > > Login page,-->check the login name/password database-->profile page(only
    > > login cookie is true, redirect back to login if false)
    > >
    > > Logout link, set login cookie as false and redirect to the login page.
    > >
    > >
    > > However, after I check a profile and then click logout, I can still get
    > > back to profile page by click "back" button in browser. I was told

    those
    > > are in the browser cache and the check of the "login" cookie does not
    > > actually work in this situation.
    > >
    > > Is there anyway to force the browser to clear the cache after I click

    the
    > > "logout". It should be possible since lots of websites do that. I just

    do
    > > not how to. Any help is highly appreciated!

    >
    >
    Carroll, Jul 7, 2005
    #5
  6. > it would give me a page error.

    Could you be more specific?
    Aaron Bertrand [SQL Server MVP], Jul 7, 2005
    #6
  7. > included on the second page in the head it would give me a page error.

    It has to be *BEFORE* any HTML.
    Aaron Bertrand [SQL Server MVP], Jul 7, 2005
    #7
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Music Lover

    prevent back in browser

    Music Lover, Jul 26, 2003, in forum: ASP .Net
    Replies:
    2
    Views:
    490
    MS News
    Jul 26, 2003
  2. Joana

    Datagrid Buttom Column

    Joana, Mar 3, 2005, in forum: ASP .Net
    Replies:
    2
    Views:
    657
    =?Utf-8?B?RG90TmV0SmVyb21l?=
    Mar 3, 2005
  3. Daniel Nielsen
    Replies:
    1
    Views:
    381
    Daniel Nielsen
    Apr 15, 2006
  4. Teresa
    Replies:
    1
    Views:
    307
    Andrew Thompson
    Oct 10, 2006
  5. John Carson

    Open a formView on buttom Clicked

    John Carson, Apr 29, 2006, in forum: C++
    Replies:
    1
    Views:
    407
    Daniel
    Apr 29, 2006
Loading...

Share This Page