How to control the users access when they go out of application!

I have an asp application. I want to control the users access when they go out of the application, ie. if they browse some web site after they login to the application,, and tries to come back, using back button,  to application, it has to point to login screen instead of allowing to previous page.
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

One way would be to expire each of your pages, which prevents the user from using the BACK button to any of the pages on your site and then incorporate hidden POST data that is passed between each of your pages. If a page request is received and the hidden form value is not there you can then redirect them to the login page.

To prevent the user from manually entering the URL, including the field/value you will also need to check to see if the request method was a GET or POST. Manually entering the field/value would register as a GET method. The request object should include a way to determine the request method.

This would require you use POST methods for every link which may not be feasible.
if you expire cache, the server will mimic the post exactly the same way you did the first time, you'll need to add incremental logic to see if the counter is a repeat.

otherwise go complete opposite and make sure pages don't expire.
keep data in a hidden form parameter and detect if the data is saved.  browsers will try to restore the saved data when people uses back and bingo..

here's an exerpt with someone getting this to work..
Depending on how serious you are about this, here is one solution:

For every link include an onclick=function().
For every page include an onload=checkstate() and onunload=updatestate().

This function will populate a textbox in a form visible but maybe outside the viewing area (i'll explain in a minute).

Whenever the function() executes, you should populate the textbox with something like a "Y".  The link still gets executed along with the function so the page navigates.  Also, the updatestate() function gets executed everytime a page changes.  You want this function to set the value of the textbox to "N" only when the value is not "Y".

The checkstate() function will run on every page load (the first hit, the second hit via back button, etc.).  This function will check the textbox for a value of "Y" or "".  If this is true do nothing, allow the page to load but reset the value of the textbox to "".  Otherwise, redirect to your login page.

When the user hits their back button only certain objects are cached by default in IE and NS.  Textboxes will keep their last text when the page was changed.  The trick is to make the textbox (not hidden) appear on the page but somewhere that the users won't see or interact with.  I have typically located this inside a floating layer which is set to hidden.  The textbox itself is visible so the cacheing scheme utilized by IE and NS will remain intact.

Cloud Class® Course: CompTIA Healthcare IT Tech

This course will help prep you to earn the CompTIA Healthcare IT Technician certification showing that you have the knowledge and skills needed to succeed in installing, managing, and troubleshooting IT systems in medical and clinical settings.

Dean OBrienCommented:
Have your ASP login page open up in a new defined window (location, address bar disabled etc).  Then use session("Permission") variable to allow people access [i.e. if login is successfull asign = 'YES'].  

Then at the begining of each ASP page use "If session("Permission") = 'Yes'"  to control access. This way with the address bar missing the user can not go to yahoo then back.   The only way to go to yahoo is to close the window (thus closing the session, only way back through login), and open a new browser.

Might have missed something, but if not this is quite a simple approach.

easynow111, unless the user presses Ctrl + N and then changes the URL.

- OR -
Alt + N in Netscape.

Dean OBrienCommented:
valid point, did seem a little too easy!
PAQed - no points refunded (of 50)

Community Support Moderator

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Web Development

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.