avoid a page going back to site after logging out

Discussion in 'ASP .Net' started by nvv via DotNetMonster.com, Jan 27, 2005.

  1. Hi,
    I am working on a web site which authenticates an user using forms. And once they logout, I observed that, for any reason if they click on "BACK" button of the browser, the user is being taken back to the site instead taking them to "login" page. I used formsAuthentication signout method and also used session's abandon method in signout event. Still I don't know why I am facing that problem. Please tell me what else I need to do in order to avoid that and present them with loging page like it happens with any email web site.

    Thanks,
     
    nvv via DotNetMonster.com, Jan 27, 2005
    #1
    1. Advertisements

  2. nvv via DotNetMonster.com

    MWells Guest

    Most likely you're seeing the contents of the browser cache, and not a new
    page generated by the server. Try hitting the back button and then F5 for
    refresh; you should be redirected to login.

    This isn't a security violation per-se; however it raises an interesting
    question regarding the sanctity of confidential information. When you log
    out, it would be nice to know that a new user approach the machine couldn't
    browse the cache so easily and view your previously-seen documents.

    A few possibilities;

    + Do some work to prevent the browser from caching the page. Historically,
    this has been somewhat unreliable, but there are some solutions that seem to
    behave consistently.

    + Immediately after logout, try writing some js out to close the browser.

    + Immediately after logout, try writing some js to clear the history.

    You'll no doubt have different issues with different web browsers, and even
    more complex issue dealing with proxy server caches, but it's somewhere to
    start.

    /// M


    once they logout, I observed that, for any reason if they click on "BACK"
    button of the browser, the user is being taken back to the site instead
    taking them to "login" page. I used formsAuthentication signout method and
    also used session's abandon method in signout event. Still I don't know why
    I am facing that problem. Please tell me what else I need to do in order to
    avoid that and present them with loging page like it happens with any email
    web site.
     
    MWells, Jan 27, 2005
    #2
    1. Advertisements

  3. Mr. Wells,

    I am working on intranet. So, no problem of browser type or version. Is there any way that we can avoid in the way it happens in yahoo mail. I mean, whatever the page that the user requests, he must be redirected to login(that includes after logging out and hitting browser's back button). Like how it happens even with this site(dotnetmonster).
    Please help. If boss wants like that, we have to do that.

    Thanks,
    nvv
     
    Maheeja Swarna via DotNetMonster.com, Jan 27, 2005
    #3
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.