• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 567
  • Last Modified:

Problem with "Logout" in ASP.NET

I'm having problem with LOGOUT in ASP.NET.

When I click on LOGOUT button it goes to Login Page but if I click on back button on my browser, it redirects to previous page and I can access all the pages.

How can I end the session so that even if I click back button, it'll go to login page?

I'm using Visual Studio 2008, C#.
Logout
----------

public partial class Logout : System.Web.UI.Page
    {
        protected void Page_Load(object sender, EventArgs e)
        {
            //Session.Clear();
            //Session.Abandon();
            FormsAuthentication.SignOut();
            Response.Redirect("~/Default.aspx", true);
            //FormsAuthentication.RedirectToLoginPage();
            
        }
    }

Open in new window

Login Control:

using System;
using System.Collections;
using System.Configuration;
using System.Data;
using System.Linq;
using System.Web;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.HtmlControls;
using System.Web.UI.WebControls;
using System.Web.UI.WebControls.WebParts;
using System.Xml.Linq;

public partial class Control_Login : System.Web.UI.UserControl
{
    private UserMembershipProvider UserMembership = new UserMembershipProvider();
    private RoleProvider roleProvider = new RoleProvider();

    protected void Page_Load(object sender, EventArgs e)
    {
        if (!Page.IsPostBack)
        {
            if (Request.Cookies["CapProSoft_RememberMe"] != null)
            {
                UserName.Text = (Request.Cookies["CapProSoft_RememberMe"]["UserInfo"]);
            }
        }
    
    }
    protected void LoginButton_Click(object sender, EventArgs e)
    {
        try
        {
            if (UserMembership.ValidateUser(UserName.Text, Password.Text))
            {
                SetUserIdentity(UserName.Text.Trim());
                Session["UserType"] = UserMembership.StrUserType;

                string[] temp = roleProvider.GetRolesForUser(UserName.Text);
                string roles = "";


                roles += UserMembership.GetUsersDistrict(UserName.Text);
                roles += "|";
                roles += String.Join(",", temp);


                FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(1,
                                                                                 UserName.Text,
                                                                                 DateTime.Now,
                                                                                 DateTime.Now.AddMinutes(30), // value of time out property
                                                                                 RememberMe.Checked, // Value of IsPersistent property
                                                                                 roles,
                                                                                 FormsAuthentication.FormsCookiePath);

                string encryptedTicket = FormsAuthentication.Encrypt(ticket);
                HttpCookie authCookie = new HttpCookie(
                                            FormsAuthentication.FormsCookieName,
                                            encryptedTicket);

                Response.Cookies.Add(authCookie);



                if (RememberMe.Checked)
                {
                    Response.Cookies.Remove("CapProSoft_RememberMe"); //This will remove previous cookie 
                    HttpCookie myCookie = new HttpCookie("CapProSoft_RememberMe"); //new cookie object
                    Response.Cookies.Add(myCookie); //This will create new cookie   
                    myCookie.Values.Add("UserInfo", UserName.Text); //Add User Name                   
                    DateTime CookieExpir = DateTime.Now.AddDays(60); //Cookie life 
                    Response.Cookies["CapProSoft_RememberMe"].Expires = CookieExpir; //Maximum day of cookie's life  
                }


                if (UserMembership.GetPasswordChange(UserName.Text))
                {
                    Response.Redirect("~/Components/ChangePassword.aspx", true);
                }



                string strRedirect;
                strRedirect = Request["ReturnUrl"];
                if (strRedirect == null)
                    strRedirect = "~/Components/Home.aspx";
                Response.Redirect(strRedirect, true);
            }
            else
                Response.Redirect("~/Default.aspx", true);
        }
        catch (Exception ex)
        {
            Response.Write(ex.Message.ToString());
        }
    }
    private User SetUserIdentity(string strUserEmail)
    {
        User MyIdentity = new User();
        MyIdentity = UserMembership.GetUSerDetails(strUserEmail);
        Session["MyIdentity"] = MyIdentity;
        return MyIdentity;
    }
}

Open in new window

0
pawar_deepak
Asked:
pawar_deepak
1 Solution
 
judgekingCommented:
Keep your Session.Clear(); in your logout code.  Then on every page have some code like:

if (Session["MyIdentity"] == null)
  Response.Redirect("Login.aspx", true);

If they hit back, they'll see the last page, but when they try to submit anything, they'll be redirected to the login screen.  This code should fix that:

Response.AppendHeader("Refresh", "5; url=Login.aspx");

I usually use a Web UserControl for this kind of thing, then just include it in the Master page or every page.
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Tackle projects and never again get stuck behind a technical roadblock.
Join Now