
How can we stop web page view after signout using browser back

I have a website in ASP.NET. We have two types of login: 1. Users 2. Administrator

I am facing the following problem during testing.

Problem statement: Suppose I log in with the user login and surf all pages. Let's say that on any user page I click the logout button; it will redirect me to the login page.

Now the problem comes when I use browser back: it shows me the user's page, but actually I should not be able to view that page after logout.

My functionality is proper, because if I click on the page after logout it will again redirect me to the login page, but my problem is that I should not land on the user page using browser back after logout. [As happens in Google and Yahoo]

The same is happening with the Admin login.

Please help me to sort out the problems.

Hemant Kothiyal asked Sep 25 '09 09:09


4 Answers

The problem is that the pages you can press back to have been cached. You can instruct your browser to ALWAYS fetch the pages from the server every time.

You will need to generate all of the following headers:

Pragma: no-cache
Cache-Control: max-age=1
Expires: Tue, 1 May 1985 01:10:00 GMT

The problem is not all browsers support all options so you have to include all of these headers to ensure all browsers don't cache your pages.

The other reason for needing all of these headers, is that in some cases even if the web browser is respecting the expires headers, there can be a misconfigured proxy server between you and the user that is still caching the pages.

In ASP you probably want to do something like this:

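public void Page_Load() {
    // Any per-response unique value works as the ETag; a GUID is used here.
    string randomString = System.Guid.NewGuid().ToString("N");

    // Mark the response as already expired.
    Response.ExpiresAbsolute = DateTime.Now.AddDays(-1d);
    Response.Expires = -1500;
    // Sets the Cache-Control header.
    Response.CacheControl = "no-cache";
    Response.Cache.SetETag(randomString);
}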
Jay answered Oct 17 '22 07:10


You have to set the following, I guess:

Response.Cache.SetExpires(DateTime.UtcNow.AddDays(-1));
Response.Cache.SetValidUntilExpires(false);
Response.Cache.SetRevalidation(HttpCacheRevalidation.AllCaches);
Response.Cache.SetCacheability(HttpCacheability.NoCache);
Response.Cache.SetNoStore();

This will cause your page to post back when the user presses the back button too, so you're able to check whether he's still logged in and, if necessary, redirect him to some other place.

Juri answered Oct 17 '22 07:10
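
One way to apply the cache settings from the answers above to every authenticated page in one place, instead of repeating them in each Page_Load. This is an added example, not code from any of the answers; the module name NoStoreForAuthenticatedModule is hypothetical, and it assumes the site uses ASP.NET authentication so that User.Identity.IsAuthenticated reflects the login state.

```csharp
using System;
using System.Web;

// Hypothetical module name (not from the page).
public class NoStoreForAuthenticatedModule : IHttpModule
{
    public void Init(HttpApplication app)
    {
        // Fires on every request once the caller's identity is known.
        app.PostAuthenticateRequest += OnPostAuthenticate;
    }

    private static void OnPostAuthenticate(object sender, EventArgs e)
    {
        HttpContext ctx = ((HttpApplication)sender).Context;

        // Leave anonymous pages (for example the login page) cacheable.
        if (ctx.User == null || !ctx.User.Identity.IsAuthenticated)
            return;

        HttpCachePolicy cache = ctx.Response.Cache;

        // Cache-Control: no-cache, so a stored copy must be revalidated.
        cache.SetCacheability(HttpCacheability.NoCache);
        // Adds no-store, so the response should not be written to any cache.
        cache.SetNoStore();
        // Adds must-revalidate for browser and proxy caches.
        cache.SetRevalidation(HttpCacheRevalidation.AllCaches);
        // Expires in the past, for caches that only look at Expires.
        cache.SetExpires(DateTime.UtcNow.AddDays(-1));
        cache.SetValidUntilExpires(false);
    }

    public void Dispose()
    {
        // No unmanaged resources to release.
    }
}
```

Register the module in web.config under system.webServer/modules (or system.web/httpModules in classic mode) so it runs for every page request.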


You must disable cache.

public void Page_Load()
{
    Response.Cache.SetCacheability(HttpCacheability.NoCache);
    // ...
}
bniwredyc answered Oct 17 '22 09:10


Take a look at Disabling Back button of Browser on Logout click like Yahoo,Gmail etc for Security

Quamis answered Oct 17 '22 08:10