Preventing User from backing up to previous page?

[Brian Mitchell]

I want to implement a logoff feature in my ASP.NET application (using VB),
but how do I expire or delete the pages from the cache so another user can't
simply use the back arrow to bring the pages back up?

Thanks!!

 

[Darrin J Olson]

You could use javascript and say something like:

history.go(-history.length);

This way there should be no more pages to go back to. Then redirect them to
a new logout page or something if you wanted to.

But...using script on the client isn't a very secure way to deny access to
pages. This would get rid of the history for the Back button, but it doesn't
prevent someone from using another method to remember the URL of the pages
they've been to (like writing it down) and then going to those pages after
they have logged out. Any security like this should really be done
server-side, not client-side.

-Darrin

 

[Brian Mitchell]

Yeah, I have a session variable the gets checked when the page loads and if
they try to type the URL directly (without the session variable being set)
it will automatically redirect them to the login page. However, in my logoff
button I implement a session.clear and a session.abandon but when the user
hits the back button it still takes them back (I guess none of the form
events are fired when a user presses back)