Solved

Block the forms after logout in ASP .Net 2.0

Posted on 2006-06-20
11
339 Views
Last Modified: 2008-01-09
Hi,

I have an ASP .Net 2.0 website, after the user clicks the logout button to log out. I don't want user to be able to go back to the forms. I know how to disable the back button in IE, but feel it isn't a very good approach. Can anyone help?

This is how I signed out:

Response.Redirect("~/Login.aspx", True)
System.Web.Security.FormsAuthentication.SignOut()


Thanks
0
Comment
Question by:CRIIT
  • 5
  • 4
  • 2
11 Comments
 
LVL 7

Expert Comment

by:whityum
ID: 16944984
good old html tags will say the page is expired:
<META HTTP-EQUIV="Pragma" CONTENT="no-cache">
<META HTTP-EQUIV="Expires" CONTENT="-1">
0
 

Author Comment

by:CRIIT
ID: 16945106
i tried, but i still could go back.
0
 
LVL 3

Expert Comment

by:Maxim10553
ID: 16945194
Your correct in stating that disabling the IE back button is not a good way to trap this event. First of all this will not work for any non IE users, so unless you are rolling your application out in an intranet envirnoment I would suggest otherwise. Also i do not think users would be happy with you trying to hijack their browsers and disable thier standard options. I would say the best way to do this is to write code in the Page_Init event of the forms page to determine whether the user is logged in or not. If the user is not authenticated redirect them to the login page or display a custom message stating they must be loggin in to view the forms.  
0
Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

 
LVL 7

Expert Comment

by:whityum
ID: 16945287
but that event won't fire, it will show him the page in memory.

try these:
      Response.AddHeader "Pragma", "no-store"
      Response.Cache-Control = "no-store"
      Response.Expires = -1
0
 

Author Comment

by:CRIIT
ID: 16945371
how do I determine whether the user is logged in or not in the page_init?
0
 
LVL 7

Expert Comment

by:whityum
ID: 16945451
sign them out before the redirect also, it's probably not even hitting that code.
0
 

Author Comment

by:CRIIT
ID: 16945738
yeah, my bad, i've changed that, now I signed the user out first and then redirect:

System.Web.Security.FormsAuthentication.SignOut()
Response.Redirect("~/Login.aspx", True)

but i still could go back,

btw, where should i use this code?

     Response.AddHeader "Pragma", "no-store"
     Response.Cache-Control = "no-store"
     Response.Expires = -1


thanks
0
 
LVL 7

Expert Comment

by:whityum
ID: 16945893
in the page_load function
0
 
LVL 7

Accepted Solution

by:
whityum earned 500 total points
ID: 16945924
that might be asp 3.0, try this

Response.Cache.SetCacheability(HttpCacheability.NoCache);
0
 
LVL 3

Expert Comment

by:Maxim10553
ID: 16945981
you dont want to program page redirection in the page_load event.
0
 

Author Comment

by:CRIIT
ID: 16952096
thanks, this works perfectly!

Response.Cache.SetCacheability(HttpCacheability.NoCache);
0

Featured Post

Networking for the Cloud Era

Join Microsoft and Riverbed for a discussion and demonstration of enhancements to SteelConnect:
-One-click orchestration and cloud connectivity in Azure environments
-Tight integration of SD-WAN and WAN optimization capabilities
-Scalability and resiliency equal to a data center

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
imap mails 1 25
Deploying to Azure 3 39
Question about JQuery and asp.net 3 30
Winform Module - What is the ASP.Net equiv 2 28
One of the pain points with developing AJAX, JavaScript, JQuery, and other client-side behaviors is that JavaScript doesn’t allow for cross domain request for pulling content. For example, JavaScript code on www.johnchapman.name could not pull conte…
It was really hard time for me to get the understanding of Delegates in C#. I went through many websites and articles but I found them very clumsy. After going through those sites, I noted down the points in a easy way so here I am sharing that unde…
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…

828 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question