chawtee

How to prevent user from using the back button to go back to previously visited pages after logging out?

Hi,
 I have a question, regarding preventing users from using BACK button on the browser to visit the previous pages in the website.

E.g

1) User logs in
2) surfs at a.asp
3) surfs at b.asp
4) clicks on log out.

I want to make sure the user cannot surf back to b.asp by clicking the back button on the browser once he has logged out.

I tried many methods.
Method 1
------------
Using a session variable to store the ID at every page. This prevents the users from directly accessing individual pages. It works. But once the user clicks the back button, they can go back, because I think the session is still there. I tried session.timeout, also cannot. I tried session("loginID")="" after logging out, also cannot. They can still go to the b.asp page by clicking back.

Method 2
----------

I used meta tags to solve the problem.

<META HTTP-EQUIV="Content-Type" content="text/html; charset=iso-8859-1">
<META HTTP-EQUIV="Expires" CONTENT="0">
<META HTTP-EQUIV="Pragma" CONTENT="no-cache">

It doesn't work either.

I have no idea what else I can try.. pls help me...... I have been trying it for a week.....

lexxwern

Once he logs out we can load a cookie saying he has.. now when this cookie is alive, then you can probably code your pages not to load..

Just an idea..
chawtee

ASKER

Actually this is my project, and my teacher said we are not supposed to use cookies.
Only session variables can be used.

Maybe you can have an intermediate redirect page, so when users hit the back button, they get redirected to the logout page again.

It is impossible to truly disable the back button, but here is a good article with a few tricks:

http://www.4guysfromrolla.com/webtech/111500-1.shtml

Have the log in page set a session variable.
Have the log out page clear the session variable.
On a.asp and b.asp, redirect to login if the session variable is not set.

Login.asp
(after you have authenticated)
<%  session("loggedIn")="YES"%>

in a.asp
(at the top)
<%if not session("loggedIn") then response.Redirect("login.asp") %>

in b.asp
(at the top)
<%if not session("loggedIn") then response.Redirect("login.asp") %>


In logout.asp
(at the top)
<%session("loggedIn") ="NO" %>

I have had success with this method. I use it to show a flash intro once per session.

Disregard my previous post. I cut and paste too much!

Have the log in page set a session variable.
Have the log out page clear the session variable.
On a.asp and b.asp, redirect to login if the session variable is not set.

Login.asp
(after you have authenticated)
<%  session("loggedIn")="YES"%>

in a.asp
(at the top)
<%
  Response.Buffer = True
  Response.ExpiresAbsolute = Now() - 1
  Response.Expires = 0
  Response.CacheControl = "no-cache"
  if not session("loggedIn") ="YES" then response.Redirect("login.asp") %>

in b.asp
(at the top)
<%
  Response.Buffer = True
  Response.ExpiresAbsolute = Now() - 1
  Response.Expires = 0
  Response.CacheControl = "no-cache"
  if not session("loggedIn") ="YES" then response.Redirect("login.asp") %>


In logout.asp
(at the top)
<%session("loggedIn") ="NO" %>

I have had success with this method. I use it to show a flash intro once per session.
ASKER CERTIFIED SOLUTION
ewall

chawtee

ASKER

Thank you so much to all of you for your precious help.. I will try all the methods first and then see which ones are the ones I need. Thank you so much again... I'll be back...

chawtee

ASKER

I tried the above website
http://www.4guysfromrolla.com/webtech/111500-1.shtml
and I think the code works, but it allows users to refresh the page, and then the pages (e.g. a.asp, b.asp)
appear again.

My code:

<%
Response.Buffer=true

Response.ExpiresAbsolute = Now() - 1
Response.Expires = 0
Response.CacheControl = "no-cache"

dim loginID  
loginID=Request.Form("userid")
if loginID<>"" then
  Session("ID")=loginID
else
    if Session("ID")="" then  
      Response.Redirect ("index.htm")
    end if
end if
%>

After I log out, I go back to index.htm. Once I click the back button on the browser, it shows this error message.

Error Message
------------------
The page you requested was created using information you submitted in a form. This page is no longer available. As a security precaution, Internet Explorer does not automatically resubmit your information for you.

To resubmit your information and view this Web page, click the Refresh button.

I don't want the user to click the refresh button, as the page will reappear again.


My logic on my pages:
index.htm (click login) --> login.asp (has id textbox and password) (click submit) --> go to a.asp (click logout)
--> go to logout.asp (clear away the id) --> go back to index.htm (problem)

My problem is that after logout, the user clicks back, then the error message appears (as above); once I click refresh, the page refreshes again for me.

What I want it to be: once I click back, a.asp should redirect me to index.htm, instead of letting me refresh.

I don't want to disable the back button, because the teacher emphasised he doesn't want that to restrict user navigation.

Thank you once again.
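
One way to get the behaviour asked for above using only session variables, shown as an added example that is not part of the original thread: the login form posts to a separate handler that redirects to a.asp, so the history entry for a.asp is a plain GET, and the protected pages never read the form. The file names guard.asp and dologin.asp, the CheckLogin function with its demo account, and the "password" field name are assumptions.

```asp
<%
' ---- guard.asp : hypothetical include, placed first in a.asp and b.asp ----
' Stop the browser and proxies from keeping a copy, so Back must ask the server.
Response.Buffer = True
Response.Expires = -1
Response.CacheControl = "no-store, no-cache, must-revalidate"
Response.AddHeader "Pragma", "no-cache"

' Protected pages only read the session, never Request.Form, so pressing
' Back or Refresh after logout cannot re-send the login form.
If Session("ID") = "" Then Response.Redirect "index.htm"
%>

<%
' ---- dologin.asp : hypothetical target of the form in login.asp ----
Function CheckLogin(userId, pwd)
    ' Constructed demo account; replace with the project's real user check.
    CheckLogin = (userId = "demo" And pwd = "demo-password")
End Function

Dim loginID, pwd
loginID = Trim(Request.Form("userid"))
pwd = Request.Form("password")          ' field name is an assumption

If CheckLogin(loginID, pwd) Then
    Session("ID") = loginID
    ' Post/Redirect/Get: the browser fetches a.asp with GET, so the
    ' history entry for a.asp carries no form data to resubmit.
    Response.Redirect "a.asp"
Else
    Response.Redirect "index.htm"
End If
%>

<%
' ---- logout.asp ----
Session.Contents.RemoveAll   ' clear Session("ID") immediately
Session.Abandon              ' destroy the session when this page ends
Response.Redirect "index.htm"
%>
```

With this layout, pressing Back after logout makes the browser request a.asp again with GET; the guard finds no Session("ID") and redirects to index.htm, and no "resubmit your information" prompt appears.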