Solved

Problem with "Logout" in ASP.NET

Posted on 2010-09-03
Last Modified: 2012-06-27
I'm having a problem with LOGOUT in ASP.NET.

When I click on the LOGOUT button it goes to the Login page, but if I click the back button in my browser, it returns to the previous page and I can access all the pages.

How can I end the session so that even if I click the back button, it'll go to the login page?

I'm using Visual Studio 2008, C#.
Logout
----------

public partial class Logout : System.Web.UI.Page
{
    protected void Page_Load(object sender, EventArgs e)
    {
        //Session.Clear();
        //Session.Abandon();
        FormsAuthentication.SignOut();
        Response.Redirect("~/Default.aspx", true);
        //FormsAuthentication.RedirectToLoginPage();
    }
}


Login Control:

using System;
using System.Collections;
using System.Configuration;
using System.Data;
using System.Linq;
using System.Web;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.HtmlControls;
using System.Web.UI.WebControls;
using System.Web.UI.WebControls.WebParts;
using System.Xml.Linq;

public partial class Control_Login : System.Web.UI.UserControl
{
    private UserMembershipProvider UserMembership = new UserMembershipProvider();
    private RoleProvider roleProvider = new RoleProvider();

    protected void Page_Load(object sender, EventArgs e)
    {
        if (!Page.IsPostBack)
        {
            if (Request.Cookies["CapProSoft_RememberMe"] != null)
            {
                UserName.Text = (Request.Cookies["CapProSoft_RememberMe"]["UserInfo"]);
            }
        }
    
    }
    protected void LoginButton_Click(object sender, EventArgs e)
    {
        try
        {
            if (UserMembership.ValidateUser(UserName.Text, Password.Text))
            {
                SetUserIdentity(UserName.Text.Trim());
                Session["UserType"] = UserMembership.StrUserType;

                string[] temp = roleProvider.GetRolesForUser(UserName.Text);
                string roles = "";


                roles += UserMembership.GetUsersDistrict(UserName.Text);
                roles += "|";
                roles += String.Join(",", temp);


                FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(1,
                                                                                 UserName.Text,
                                                                                 DateTime.Now,
                                                                                 DateTime.Now.AddMinutes(30), // value of time out property
                                                                                 RememberMe.Checked, // Value of IsPersistent property
                                                                                 roles,
                                                                                 FormsAuthentication.FormsCookiePath);

                string encryptedTicket = FormsAuthentication.Encrypt(ticket);
                HttpCookie authCookie = new HttpCookie(
                                            FormsAuthentication.FormsCookieName,
                                            encryptedTicket);

                Response.Cookies.Add(authCookie);



                if (RememberMe.Checked)
                {
                    Response.Cookies.Remove("CapProSoft_RememberMe"); //This will remove previous cookie 
                    HttpCookie myCookie = new HttpCookie("CapProSoft_RememberMe"); //new cookie object
                    Response.Cookies.Add(myCookie); //This will create new cookie   
                    myCookie.Values.Add("UserInfo", UserName.Text); //Add User Name                   
                    DateTime CookieExpir = DateTime.Now.AddDays(60); //Cookie life 
                    Response.Cookies["CapProSoft_RememberMe"].Expires = CookieExpir; //Maximum day of cookie's life  
                }


                if (UserMembership.GetPasswordChange(UserName.Text))
                {
                    Response.Redirect("~/Components/ChangePassword.aspx", true);
                }



                string strRedirect;
                strRedirect = Request["ReturnUrl"];
                if (strRedirect == null)
                    strRedirect = "~/Components/Home.aspx";
                Response.Redirect(strRedirect, true);
            }
            else
                Response.Redirect("~/Default.aspx", true);
        }
        catch (Exception ex)
        {
            Response.Write(ex.Message.ToString());
        }
    }
    private User SetUserIdentity(string strUserEmail)
    {
        User MyIdentity = new User();
        MyIdentity = UserMembership.GetUSerDetails(strUserEmail);
        Session["MyIdentity"] = MyIdentity;
        return MyIdentity;
    }
}

Question by:pawar_deepak

Accepted Solution

by: judgeking earned 500 total points
ID: 33598277
Keep your Session.Clear(); in your logout code. Then on every page have some code like:

if (Session["MyIdentity"] == null)
  Response.Redirect("Login.aspx", true);

If they hit back, they'll see the last page, but when they try to submit anything, they'll be redirected to the login screen. This code should fix that:

Response.AppendHeader("Refresh", "5; url=Login.aspx");

I usually use a Web UserControl for this kind of thing, then just include it in the Master page or every page.
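
An added example, not part of the original answer or the asker's code, that combines the answer's pieces in C#: a logout page that tears the session down and a shared base page that runs the `Session["MyIdentity"]` check on every request. It goes beyond the answer by also sending no-cache headers so the Back button cannot redisplay a stored copy of a protected page. `SecurePage` is a hypothetical name, and `ASP.NET_SessionId` assumes the default session cookie name.

```csharp
using System;
using System.Web;
using System.Web.Security;
using System.Web.UI;

// Hypothetical base class: protected pages inherit from it instead of Page.
public class SecurePage : Page
{
    protected override void OnInit(EventArgs e)
    {
        // Forbid caching so the Back button has to re-request the page
        // from the server instead of redisplaying a stored copy.
        Response.Cache.SetCacheability(HttpCacheability.NoCache);
        Response.Cache.SetNoStore();
        Response.Cache.SetExpires(DateTime.UtcNow.AddYears(-1));

        // The check from the answer: no identity in the session means the
        // user has logged out (or never logged in), so go to the login page.
        if (Session["MyIdentity"] == null)
        {
            Response.Redirect(FormsAuthentication.LoginUrl, true);
        }

        base.OnInit(e);
    }
}

// Logout page with the session teardown enabled.
public partial class Logout : Page
{
    protected void Page_Load(object sender, EventArgs e)
    {
        Session.Clear();                // drop MyIdentity, UserType, ...
        Session.Abandon();              // destroy the server-side session
        FormsAuthentication.SignOut();  // expire the auth cookie in the browser

        // Expire the session cookie too, so the next login gets a fresh ID.
        // Assumes the default cookie name "ASP.NET_SessionId".
        HttpCookie sessionCookie = new HttpCookie("ASP.NET_SessionId", string.Empty);
        sessionCookie.Expires = DateTime.UtcNow.AddYears(-1);
        Response.Cookies.Add(sessionCookie);

        Response.Redirect("~/Default.aspx", true);
    }
}
```

FormsAuthentication.SignOut() only removes the cookie from the browser; the ticket itself stays valid until its expiry, so the session check in the base page is what rejects a request made after logout.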