• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 571
  • Last Modified:

Problem with "Logout" in ASP.NET

I'm having problem with LOGOUT in ASP.NET.

When I click on LOGOUT button it goes to Login Page but if I click on back button on my browser, it redirects to previous page and I can access all the pages.

How can I end the session so that even if I click back button, it'll go to login page?

I'm using Visual Studio 2008, C#.

public partial class Logout : System.Web.UI.Page
        protected void Page_Load(object sender, EventArgs e)
            Response.Redirect("~/Default.aspx", true);

Open in new window

Login Control:

using System;
using System.Collections;
using System.Configuration;
using System.Data;
using System.Linq;
using System.Web;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.HtmlControls;
using System.Web.UI.WebControls;
using System.Web.UI.WebControls.WebParts;
using System.Xml.Linq;

public partial class Control_Login : System.Web.UI.UserControl
    private UserMembershipProvider UserMembership = new UserMembershipProvider();
    private RoleProvider roleProvider = new RoleProvider();

    protected void Page_Load(object sender, EventArgs e)
        if (!Page.IsPostBack)
            if (Request.Cookies["CapProSoft_RememberMe"] != null)
                UserName.Text = (Request.Cookies["CapProSoft_RememberMe"]["UserInfo"]);
    protected void LoginButton_Click(object sender, EventArgs e)
            if (UserMembership.ValidateUser(UserName.Text, Password.Text))
                Session["UserType"] = UserMembership.StrUserType;

                string[] temp = roleProvider.GetRolesForUser(UserName.Text);
                string roles = "";

                roles += UserMembership.GetUsersDistrict(UserName.Text);
                roles += "|";
                roles += String.Join(",", temp);

                FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(1,
                                                                                 DateTime.Now.AddMinutes(30), // value of time out property
                                                                                 RememberMe.Checked, // Value of IsPersistent property

                string encryptedTicket = FormsAuthentication.Encrypt(ticket);
                HttpCookie authCookie = new HttpCookie(


                if (RememberMe.Checked)
                    Response.Cookies.Remove("CapProSoft_RememberMe"); //This will remove previous cookie 
                    HttpCookie myCookie = new HttpCookie("CapProSoft_RememberMe"); //new cookie object
                    Response.Cookies.Add(myCookie); //This will create new cookie   
                    myCookie.Values.Add("UserInfo", UserName.Text); //Add User Name                   
                    DateTime CookieExpir = DateTime.Now.AddDays(60); //Cookie life 
                    Response.Cookies["CapProSoft_RememberMe"].Expires = CookieExpir; //Maximum day of cookie's life  

                if (UserMembership.GetPasswordChange(UserName.Text))
                    Response.Redirect("~/Components/ChangePassword.aspx", true);

                string strRedirect;
                strRedirect = Request["ReturnUrl"];
                if (strRedirect == null)
                    strRedirect = "~/Components/Home.aspx";
                Response.Redirect(strRedirect, true);
                Response.Redirect("~/Default.aspx", true);
        catch (Exception ex)
    private User SetUserIdentity(string strUserEmail)
        User MyIdentity = new User();
        MyIdentity = UserMembership.GetUSerDetails(strUserEmail);
        Session["MyIdentity"] = MyIdentity;
        return MyIdentity;

Open in new window

1 Solution
Keep your Session.Clear(); in your logout code.  Then on every page have some code like:

if (Session["MyIdentity"] == null)
  Response.Redirect("Login.aspx", true);

If they hit back, they'll see the last page, but when they try to submit anything, they'll be redirected to the login screen.  This code should fix that:

Response.AppendHeader("Refresh", "5; url=Login.aspx");

I usually use a Web UserControl for this kind of thing, then just include it in the Master page or every page.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Get your problem seen by more experts

Be seen. Boost your question’s priority for more expert views and faster solutions

Tackle projects and never again get stuck behind a technical roadblock.
Join Now