Forms Auth SignOut Question

  • Thread starter Patrick Olurotimi Ige
  • Start date
P

Patrick Olurotimi Ige

I have a Forms Auth and use a button that allows users to SignOut below
but when they sign out and PRESS THE BACK BUTTON they can see the
previous page WHY?

Sub SignOut(objSender As Object, objArgs As EventArgs)
'delete the users auth cookie and sign out
System.Web.Security.FormsAuthentication.SignOut()
Session.Abandon()
Session.Remove("Context.User.Identity.Name")
'redirect the user to their referring page

Response.Redirect("logon.aspx?ReturnUrl=%2fFormsAuthAd%2fdefault.aspx")

End Sub

ANY IDEAS WHAT I'M DOING WRONG!
Thx
 
J

John Saunders

Patrick Olurotimi Ige said:
I have a Forms Auth and use a button that allows users to SignOut below
but when they sign out and PRESS THE BACK BUTTON they can see the
previous page WHY?

Sub SignOut(objSender As Object, objArgs As EventArgs)
'delete the users auth cookie and sign out
System.Web.Security.FormsAuthentication.SignOut()
Session.Abandon()
Session.Remove("Context.User.Identity.Name")
'redirect the user to their referring page

Response.Redirect("logon.aspx?ReturnUrl=%2fFormsAuthAd%2fdefault.aspx")

End Sub

ANY IDEAS WHAT I'M DOING WRONG!
Click to expand...

You're not understanding web applications, that's what!

The back button isn't part of your application. It's part of the users
browser. They can press it whenever they want to. It doesn't send a request
for the previous page to your server! Instead, it just displays what your
server responded with the last time that page was requested.

What happens when the user hits the Back button and then the Refresh button?
Refresh will make a new request to your server.


John Saunders
 
C

Chris Hyde

Patrick said:
I have a Forms Auth and use a button that allows users to SignOut below
but when they sign out and PRESS THE BACK BUTTON they can see the
previous page WHY?

Sub SignOut(objSender As Object, objArgs As EventArgs)
'delete the users auth cookie and sign out
System.Web.Security.FormsAuthentication.SignOut()
Session.Abandon()
Session.Remove("Context.User.Identity.Name")
'redirect the user to their referring page

Response.Redirect("logon.aspx?ReturnUrl=%2fFormsAuthAd%2fdefault.aspx")

End Sub

ANY IDEAS WHAT I'M DOING WRONG!
Thx
Click to expand...
One possiblity is they are loading the page from their browser's cache.
You would have to try and not cache your pages (using pragma-nocache
and other methods, just search Google and you will find a wealth of
information).

HTH...

Chris
 
P

Patrick Olurotimi Ige

John..
Thanks for the reply..
I do know its not part of my Application but
What 'm asking here is that if there is a WAY!
 
J

John Saunders

Patrick Olurotimi Ige said:
John..
Thanks for the reply..
I do know its not part of my Application but
What 'm asking here is that if there is a WAY!
Click to expand...

Patrick,

The user could have taken a screen shot of your previous page. He could then
look at the screen shot whenever he wants to. There's nothing you can do
about that.

The user pressing the Back button is the same thing as the user keeping a
screen shot of the page. It's just an image of something that happened
previously. Even if you play games with the page expiration, there's nothing
you can do to prevent the user from keeping a screen shot of the page, or a
memory of it.

John Saunders
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

c# forms authentication 2
Forms authentication cookie handling question (C#) 4
Problems Redirecting from a Login Page 2
ASP.NET Forms Authentication 5
Sharing Authentication Across ASP.NET Applications 1
Perplexing and critical error - please help! 4
Forms authentication in a subfolder problem, please help 3
Cannot set timeout with asp.net 1.1 over than 20 minutes 5

Top