Block the forms after logout in ASP .Net 2.0

Hi,

I have an ASP .Net 2.0 website, after the user clicks the logout button to log out. I don't want user to be able to go back to the forms. I know how to disable the back button in IE, but feel it isn't a very good approach. Can anyone help?

This is how I signed out:

Response.Redirect("~/Login.aspx", True)
System.Web.Security.FormsAuthentication.SignOut()


Thanks
CRIITAsked:
Who is Participating?

[Webinar] Streamline your web hosting managementRegister Today

x
 
whityumConnect With a Mentor Commented:
that might be asp 3.0, try this

Response.Cache.SetCacheability(HttpCacheability.NoCache);
0
 
whityumCommented:
good old html tags will say the page is expired:
<META HTTP-EQUIV="Pragma" CONTENT="no-cache">
<META HTTP-EQUIV="Expires" CONTENT="-1">
0
 
CRIITAuthor Commented:
i tried, but i still could go back.
0
Never miss a deadline with monday.com

The revolutionary project management tool is here!   Plan visually with a single glance and make sure your projects get done.

 
Maxim10553Commented:
Your correct in stating that disabling the IE back button is not a good way to trap this event. First of all this will not work for any non IE users, so unless you are rolling your application out in an intranet envirnoment I would suggest otherwise. Also i do not think users would be happy with you trying to hijack their browsers and disable thier standard options. I would say the best way to do this is to write code in the Page_Init event of the forms page to determine whether the user is logged in or not. If the user is not authenticated redirect them to the login page or display a custom message stating they must be loggin in to view the forms.  
0
 
whityumCommented:
but that event won't fire, it will show him the page in memory.

try these:
      Response.AddHeader "Pragma", "no-store"
      Response.Cache-Control = "no-store"
      Response.Expires = -1
0
 
CRIITAuthor Commented:
how do I determine whether the user is logged in or not in the page_init?
0
 
whityumCommented:
sign them out before the redirect also, it's probably not even hitting that code.
0
 
CRIITAuthor Commented:
yeah, my bad, i've changed that, now I signed the user out first and then redirect:

System.Web.Security.FormsAuthentication.SignOut()
Response.Redirect("~/Login.aspx", True)

but i still could go back,

btw, where should i use this code?

     Response.AddHeader "Pragma", "no-store"
     Response.Cache-Control = "no-store"
     Response.Expires = -1


thanks
0
 
whityumCommented:
in the page_load function
0
 
Maxim10553Commented:
you dont want to program page redirection in the page_load event.
0
 
CRIITAuthor Commented:
thanks, this works perfectly!

Response.Cache.SetCacheability(HttpCacheability.NoCache);
0
All Courses

From novice to tech pro — start learning today.