How to prevent seeing previous page after logout?

Andy

Hi,

I want to prevent the user from viewing the previous page using the Back
button after logout. I want to instead show that this page has expired.
How do I do this?

Here is my codebehind on the logoff page.

    private void Page_Load(object sender, System.EventArgs e)
    {
        Session.Abandon();
        FormsAuthentication.SignOut();
        Response.Redirect("index.aspx");
    }

I tried the following and none of them worked.

1. Added a no-cache meta tag.

2. Tried including the following code in page-load of logout.

    Response.Clear();
    Response.BufferOutput = true;
    Response.Cache.SetExpires(DateTime.Now);
    Response.Cache.SetCacheability(HttpCacheability.NoCache);
    Response.Cache.SetNoStore();
    Response.Write("");
    Response.End();

What am I missing or doing wrong?

Regards,
Anand
 
DaanishRumani

The browser caches pages. So when one goes back to that page, it is the
same cached copy that is being displayed. I personally don't think that
setting cacheability to NoCache for the LogOff page would help. The
page that you see when you click on the Back browser button needs that
setting.

Thus potentially all the pages that might link to the LogOff page need
to set Cacheability to NoCache.

Hope that would be the solution.

Again, don't take me at my word. Test the above scenario first to see if
it works. I am also a learner.
 
Andy

Hi Daanish,

I tried this earlier and it had no effect.

Technically, I want the user to navigate back and forth if he's logged in.

I want a 'Page Expired' warning only when he has logged out and hits back.

Any clue? I am sure this should be possible but dunno how. :~)

Regards,
Anand
 
DaanishRumani

Well, one more thing that I forgot is that in addition to using the above
setting, you should use some session variable, say 'IsUserLoggedIn'. Set
this session variable to "true" or "yes" or whatever you like when you
log on. Then at the start of each page you need to check this variable
if it is equal to "true" or "yes". If it is so, then you would do
nothing and show the page normally. If the session variable is not
defined or it is set to anything other than that, then redirect to the
page that shows "your session has timed out" or "your session no longer
exists".

Remember that you would be setting this variable to "false" or "no"
when you sign out.

See below to get an idea of what I am saying.

1) When signing in:

    Session["IsUserLoggedIn"] = "true";

2) When signing out:

    Session["IsUserLoggedIn"] = "false";

3) At the start of each page that the user can see only when logged in:

    // Cast to string so the comparison is by value, not by object reference
    if ((string)Session["IsUserLoggedIn"] == "true")
    {
        // do nothing
    }
    else
    {
        Response.Redirect("SessionHasExpired.aspx");
    }

Ignore the syntax errors above. I just intend to better explain the
logic.

Session variables are maintained separately for each user session by the
Web Server and the session timeout can be set at the Web Server
(IISAdmin).
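
The two suggestions in the replies above, combined in one place: an added example, not code posted by anyone in this thread. The class name `ProtectedPage` is an assumption, and `IsUserLoggedIn` and `SessionHasExpired.aspx` are taken from the reply above; every page that requires login would inherit from this class instead of `System.Web.UI.Page`.

```csharp
using System;
using System.Web;
using System.Web.UI;

// Hypothetical base class for every page that requires a logged-in user.
public class ProtectedPage : Page
{
    protected override void OnInit(EventArgs e)
    {
        // The cache headers must go on the protected page itself, because
        // that is the response the browser stores and replays on Back.
        // Setting them on the logout page has no effect on earlier pages.
        Response.Cache.SetCacheability(HttpCacheability.NoCache);
        Response.Cache.SetNoStore();
        Response.Cache.SetExpires(DateTime.UtcNow.AddYears(-1));
        Response.Cache.SetRevalidation(HttpCacheRevalidation.AllCaches);

        // With no stored copy, Back sends a new request, and this
        // server-side check decides what the user sees. After logout the
        // forms-auth ticket is gone and Session.Abandon() has discarded
        // the flag, so both conditions fail.
        bool loggedIn = Request.IsAuthenticated
            && (Session["IsUserLoggedIn"] as string) == "true";

        if (!loggedIn)
        {
            // endResponse: true stops the protected page from rendering.
            Response.Redirect("SessionHasExpired.aspx", true);
            return;
        }

        base.OnInit(e);
    }
}
```

While the user is still logged in, Back and Forward simply re-request the page and the check passes, so normal navigation keeps working.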
 
