ASP.NET authentication login and logout with browser back button

asp.net back-button asp.net-membership

Solution 1:

Worrying about the browser history and back button is going to give you headaches and genital warts. There are facilities built in to handle this problem.

Your logout link/button should point to a page containing this code, along with whatever else you want.

[vb.net]

Imports System.Web.Security

Private Sub Page_Load(ByVal sender As System.Object, ByVal e As System.EventArgs) _
 Handles MyBase.Load
    Session.Abandon()
    FormsAuthentication.SignOut()
End Sub

[c#]

using System.Web.Security;

private void Page_Load(object sender, System.EventArgs e)
{
    // Put user code to initialize the page here
    Session.Abandon();
    FormsAuthentication.SignOut();
}

Code comes from this page and is valid but the page is hard on the eyes.

A good Question/Answer regarding backbutton behavior can be found here.

Update:

pursuant to the conversation I am having with Matthew, disabling caching on individual pages that are sensitive or volitile can be done with code such as follows:

Response.Cache.SetExpires(DateTime.UtcNow.AddMinutes(-1));
Response.Cache.SetCacheability(HttpCacheability.NoCache);
Response.Cache.SetNoStore();

I am curious to know if it works for you as it does for me.

Solution 2:

You can use javascript to disable the back button (typically by sending the user to a page that forwards to another page, so that clicking back sends you forward again). A persistent user can still go 2 steps back in history and step over the loop.

That page is in the browser's cache. You can ask the browser to not cache anything, but this will ruin performance, sometimes dramatically, so I wouldn't recommend it.

Solution 3:

This code is very useful 

Response.Cache.SetCacheability(HttpCacheability.NoCache);

Only put this code on load event, on the master pagen in case, but it only works for IE, for IE and Firefox I used

Response.Cache.SetCacheability(HttpCacheability.NoCache);
Response.Cache.SetNoStore();

Solution 4:

Your Answer

A workaround to this is to add the following javascript code to the section of the logout.aspx page:

<script type="text/javascript">
 window.history.forward(1);
</script>

This javascript code will forward the user back if the user gets to the logout page by pressing the back button.

If you need to ensure the user has no way to get back to the pages after they logout you must ask the browser not to cache any of the pages by including code similar to the following on every page:

Response.Cache.SetExpires(DateTime.UtcNow.AddMinutes(-1)); 
Response.Cache.SetCacheability(HttpCacheability.NoCache); 
Response.Cache.SetNoStore();

Related

jQuery: Get the cursor position of text in input without browser specific code? [duplicate]
gets() function in C
Select every nth row from dataframe
Replace nth occurrence of substring in string
Selecting elements with a certain background color
Is there any guarantee of alignment of address return by C++'s new operation?
Text on image mouseover?
Custom sorting (non-alphabetical)
Capturing binary output from Process.StandardOutput
Need a datetime column in SQL Server that automatically updates when the record is modified
How can I dynamically unload a javascript file?
How to get available wifi networks and display them in a list in android