CRIIT
asked on
Block the forms after logout in ASP .Net 2.0
Hi,
I have an ASP .Net 2.0 website, after the user clicks the logout button to log out. I don't want user to be able to go back to the forms. I know how to disable the back button in IE, but feel it isn't a very good approach. Can anyone help?
This is how I signed out:
Response.Redirect("~/Login .aspx", True)
System.Web.Security.FormsA uthenticat ion.SignOu t()
Thanks
I have an ASP .Net 2.0 website, after the user clicks the logout button to log out. I don't want user to be able to go back to the forms. I know how to disable the back button in IE, but feel it isn't a very good approach. Can anyone help?
This is how I signed out:
Response.Redirect("~/Login
System.Web.Security.FormsA
Thanks
ASKER
i tried, but i still could go back.
Your correct in stating that disabling the IE back button is not a good way to trap this event. First of all this will not work for any non IE users, so unless you are rolling your application out in an intranet envirnoment I would suggest otherwise. Also i do not think users would be happy with you trying to hijack their browsers and disable thier standard options. I would say the best way to do this is to write code in the Page_Init event of the forms page to determine whether the user is logged in or not. If the user is not authenticated redirect them to the login page or display a custom message stating they must be loggin in to view the forms.
but that event won't fire, it will show him the page in memory.
try these:
Response.AddHeader "Pragma", "no-store"
Response.Cache-Control = "no-store"
Response.Expires = -1
try these:
Response.AddHeader "Pragma", "no-store"
Response.Cache-Control = "no-store"
Response.Expires = -1
ASKER
how do I determine whether the user is logged in or not in the page_init?
sign them out before the redirect also, it's probably not even hitting that code.
ASKER
yeah, my bad, i've changed that, now I signed the user out first and then redirect:
System.Web.Security.FormsA uthenticat ion.SignOu t()
Response.Redirect("~/Login .aspx", True)
but i still could go back,
btw, where should i use this code?
Response.AddHeader "Pragma", "no-store"
Response.Cache-Control = "no-store"
Response.Expires = -1
thanks
System.Web.Security.FormsA
Response.Redirect("~/Login
but i still could go back,
btw, where should i use this code?
Response.AddHeader "Pragma", "no-store"
Response.Cache-Control = "no-store"
Response.Expires = -1
thanks
in the page_load function
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
you dont want to program page redirection in the page_load event.
ASKER
thanks, this works perfectly!
Response.Cache.SetCacheabi lity(HttpC acheabilit y.NoCache) ;
Response.Cache.SetCacheabi
<META HTTP-EQUIV="Pragma" CONTENT="no-cache">
<META HTTP-EQUIV="Expires" CONTENT="-1">