
How to prevent user from going back to the login-page after successful login using back button

I am working on an MVC3 application and am stuck with a login security issue. The scenario is that when a user logs in with his/her username and password, if correct, he/she will be redirected to their homepage.

But if they click the browser back button, they go back to the login page, which in my case I do not want. It's the same as Facebook, Gmail, etc., where once a user logs in with his/her credentials, they cannot go back to the login page simply by clicking the back button of the browser.

Abhishek asked Mar 24 '23 00:03


2 Answers

You can use JavaScript that checks for a cookie you'll give after a successful login. The JS will check it on page load and redirect to a non-login page if the cookie exists. There are also other methods to do that, as described here.

yossico answered Apr 06 '23 05:04
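
The cookie check described in the answer above, as an added example (not code from the original answer). It assumes a non-HttpOnly marker cookie named `logged_in` and a landing page `/Home`, both hypothetical; the real authentication cookie stays HttpOnly and unreadable by script.

```javascript
// Added example: UX-only guard for a login page; the server still enforces access.
// Assumptions (not from the original answer): a non-HttpOnly marker cookie
// "logged_in=1" is set beside the HttpOnly auth cookie, and "/Home" is the landing page.
const MARKER_COOKIE = "logged_in"; // hypothetical name
const HOME_URL = "/Home"; // hypothetical fixed target, never read from the URL

// Parse a document.cookie string into a name -> value map.
function parseCookies(cookieString) {
  const jar = new Map();
  for (const part of (cookieString || "").split(";")) {
    const eq = part.indexOf("=");
    if (eq < 0) continue;
    const name = part.slice(0, eq).trim();
    let value = part.slice(eq + 1).trim();
    try { value = decodeURIComponent(value); } catch (e) { /* keep raw value */ }
    if (name && !jar.has(name)) jar.set(name, value);
  }
  return jar;
}

// True when the marker cookie says the user already has a session.
function isLoggedIn(cookieString) {
  return parseCookies(cookieString).get(MARKER_COOKIE) === "1";
}

// Install the guard. `win` and `doc` are injected so the logic can run outside a browser.
function installLoginGuard(win, doc) {
  const check = () => {
    if (isLoggedIn(doc.cookie)) {
      // replace() keeps the login page out of the history stack.
      win.location.replace(HOME_URL);
      return true;
    }
    return false;
  };
  // "pageshow" also fires when the page is restored from the back/forward cache,
  // a case in which "load" does not run again.
  win.addEventListener("pageshow", check);
  return check();
}

// In the login page itself:
if (typeof window !== "undefined" && typeof document !== "undefined") {
  installLoginGuard(window, document);
}
```

The marker cookie carries no secret, so the redirect target is a constant and the server must still authorize every request on its own.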


You need to expire cache and headers. Here is what I use:

  <% HttpContext.Current.Response.Cache.SetAllowResponseInBrowserHistory(false);
   HttpContext.Current.Response.Cache.SetCacheability(HttpCacheability.NoCache);
   HttpContext.Current.Response.Cache.SetExpires(DateTime.UtcNow.AddDays(-1));
   HttpContext.Current.Response.Cache.SetValidUntilExpires(false);
   HttpContext.Current.Response.Cache.SetRevalidation(HttpCacheRevalidation.AllCaches);
   HttpContext.Current.Response.Cache.SetNoStore();
   Response.Cache.SetExpires(DateTime.Now);
   System.Web.HttpContext.Current.Response.AddHeader("Pragma", "no-cache");
   Response.Cache.SetValidUntilExpires(true);
   Response.Buffer = true;
   Response.ExpiresAbsolute = DateTime.Now.Subtract(new TimeSpan(1, 0, 0, 0));
   Response.Expires = 0;
   Response.CacheControl = "no-cache";
   Response.Cache.SetExpires(DateTime.UtcNow.AddYears(-4)); 
   Response.ExpiresAbsolute = DateTime.Now.Subtract(new TimeSpan(1, 0, 0, 0));
   Response.AppendHeader("Pragma", "no-cache");
   Response.Cache.AppendCacheExtension("must-revalidate, proxy-revalidate, post-check=0, pre-check=0");
%>  
<script language="javascript" type="text/javascript">
    window.onbeforeunload = function () {
        // This function does nothing.  It won't spawn a confirmation dialog   
        // But it will ensure that the page is not cached by the browser.
    }  
</script>

Add this in the page head, and the next time the user tries to go back, it will request a new page load.

Alok answered Apr 06 '23 04:04