[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 358
  • Last Modified:

Block the forms after logout in ASP .Net 2.0

Hi,

I have an ASP .Net 2.0 website, after the user clicks the logout button to log out. I don't want user to be able to go back to the forms. I know how to disable the back button in IE, but feel it isn't a very good approach. Can anyone help?

This is how I signed out:

Response.Redirect("~/Login.aspx", True)
System.Web.Security.FormsAuthentication.SignOut()


Thanks
0
CRIIT
Asked:
CRIIT
  • 5
  • 4
  • 2
1 Solution
 
whityumCommented:
good old html tags will say the page is expired:
<META HTTP-EQUIV="Pragma" CONTENT="no-cache">
<META HTTP-EQUIV="Expires" CONTENT="-1">
0
 
CRIITAuthor Commented:
i tried, but i still could go back.
0
 
Maxim10553Commented:
Your correct in stating that disabling the IE back button is not a good way to trap this event. First of all this will not work for any non IE users, so unless you are rolling your application out in an intranet envirnoment I would suggest otherwise. Also i do not think users would be happy with you trying to hijack their browsers and disable thier standard options. I would say the best way to do this is to write code in the Page_Init event of the forms page to determine whether the user is logged in or not. If the user is not authenticated redirect them to the login page or display a custom message stating they must be loggin in to view the forms.  
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
whityumCommented:
but that event won't fire, it will show him the page in memory.

try these:
      Response.AddHeader "Pragma", "no-store"
      Response.Cache-Control = "no-store"
      Response.Expires = -1
0
 
CRIITAuthor Commented:
how do I determine whether the user is logged in or not in the page_init?
0
 
whityumCommented:
sign them out before the redirect also, it's probably not even hitting that code.
0
 
CRIITAuthor Commented:
yeah, my bad, i've changed that, now I signed the user out first and then redirect:

System.Web.Security.FormsAuthentication.SignOut()
Response.Redirect("~/Login.aspx", True)

but i still could go back,

btw, where should i use this code?

     Response.AddHeader "Pragma", "no-store"
     Response.Cache-Control = "no-store"
     Response.Expires = -1


thanks
0
 
whityumCommented:
in the page_load function
0
 
whityumCommented:
that might be asp 3.0, try this

Response.Cache.SetCacheability(HttpCacheability.NoCache);
0
 
Maxim10553Commented:
you dont want to program page redirection in the page_load event.
0
 
CRIITAuthor Commented:
thanks, this works perfectly!

Response.Cache.SetCacheability(HttpCacheability.NoCache);
0

Featured Post

Prep for the ITIL® Foundation Certification Exam

December’s Course of the Month is now available! Enroll to learn ITIL® Foundation best practices for delivering IT services effectively and efficiently.

  • 5
  • 4
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now