Solved

Problem with "Logout" in ASP.NET

Posted on 2010-09-03
1
550 Views
Last Modified: 2012-06-27
I'm having problem with LOGOUT in ASP.NET.

When I click on LOGOUT button it goes to Login Page but if I click on back button on my browser, it redirects to previous page and I can access all the pages.

How can I end the session so that even if I click back button, it'll go to login page?

I'm using Visual Studio 2008, C#.
Logout
----------

public partial class Logout : System.Web.UI.Page
    {
        protected void Page_Load(object sender, EventArgs e)
        {
            //Session.Clear();
            //Session.Abandon();
            FormsAuthentication.SignOut();
            Response.Redirect("~/Default.aspx", true);
            //FormsAuthentication.RedirectToLoginPage();
            
        }
    }

Open in new window

Login Control:

using System;
using System.Collections;
using System.Configuration;
using System.Data;
using System.Linq;
using System.Web;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.HtmlControls;
using System.Web.UI.WebControls;
using System.Web.UI.WebControls.WebParts;
using System.Xml.Linq;

public partial class Control_Login : System.Web.UI.UserControl
{
    private UserMembershipProvider UserMembership = new UserMembershipProvider();
    private RoleProvider roleProvider = new RoleProvider();

    protected void Page_Load(object sender, EventArgs e)
    {
        if (!Page.IsPostBack)
        {
            if (Request.Cookies["CapProSoft_RememberMe"] != null)
            {
                UserName.Text = (Request.Cookies["CapProSoft_RememberMe"]["UserInfo"]);
            }
        }
    
    }
    protected void LoginButton_Click(object sender, EventArgs e)
    {
        try
        {
            if (UserMembership.ValidateUser(UserName.Text, Password.Text))
            {
                SetUserIdentity(UserName.Text.Trim());
                Session["UserType"] = UserMembership.StrUserType;

                string[] temp = roleProvider.GetRolesForUser(UserName.Text);
                string roles = "";


                roles += UserMembership.GetUsersDistrict(UserName.Text);
                roles += "|";
                roles += String.Join(",", temp);


                FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(1,
                                                                                 UserName.Text,
                                                                                 DateTime.Now,
                                                                                 DateTime.Now.AddMinutes(30), // value of time out property
                                                                                 RememberMe.Checked, // Value of IsPersistent property
                                                                                 roles,
                                                                                 FormsAuthentication.FormsCookiePath);

                string encryptedTicket = FormsAuthentication.Encrypt(ticket);
                HttpCookie authCookie = new HttpCookie(
                                            FormsAuthentication.FormsCookieName,
                                            encryptedTicket);

                Response.Cookies.Add(authCookie);



                if (RememberMe.Checked)
                {
                    Response.Cookies.Remove("CapProSoft_RememberMe"); //This will remove previous cookie 
                    HttpCookie myCookie = new HttpCookie("CapProSoft_RememberMe"); //new cookie object
                    Response.Cookies.Add(myCookie); //This will create new cookie   
                    myCookie.Values.Add("UserInfo", UserName.Text); //Add User Name                   
                    DateTime CookieExpir = DateTime.Now.AddDays(60); //Cookie life 
                    Response.Cookies["CapProSoft_RememberMe"].Expires = CookieExpir; //Maximum day of cookie's life  
                }


                if (UserMembership.GetPasswordChange(UserName.Text))
                {
                    Response.Redirect("~/Components/ChangePassword.aspx", true);
                }



                string strRedirect;
                strRedirect = Request["ReturnUrl"];
                if (strRedirect == null)
                    strRedirect = "~/Components/Home.aspx";
                Response.Redirect(strRedirect, true);
            }
            else
                Response.Redirect("~/Default.aspx", true);
        }
        catch (Exception ex)
        {
            Response.Write(ex.Message.ToString());
        }
    }
    private User SetUserIdentity(string strUserEmail)
    {
        User MyIdentity = new User();
        MyIdentity = UserMembership.GetUSerDetails(strUserEmail);
        Session["MyIdentity"] = MyIdentity;
        return MyIdentity;
    }
}

Open in new window

0
Comment
Question by:pawar_deepak
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
1 Comment
 
LVL 6

Accepted Solution

by:
judgeking earned 500 total points
ID: 33598277
Keep your Session.Clear(); in your logout code.  Then on every page have some code like:

if (Session["MyIdentity"] == null)
  Response.Redirect("Login.aspx", true);

If they hit back, they'll see the last page, but when they try to submit anything, they'll be redirected to the login screen.  This code should fix that:

Response.AppendHeader("Refresh", "5; url=Login.aspx");

I usually use a Web UserControl for this kind of thing, then just include it in the Master page or every page.
0

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Just a quick little trick I learned recently.  Now that I'm using jQuery with abandon in my asp.net applications, I have grown tired of the following syntax:      (CODE) I suppose it just offends my sense of decency to put inline VBScript on a…
Introduction This article shows how to use the open source plupload control to upload multiple images. The images are resized on the client side before uploading and the upload is done in chunks. Background I had to provide a way for user…
In a recent question (https://www.experts-exchange.com/questions/29004105/Run-AutoHotkey-script-directly-from-Notepad.html) here at Experts Exchange, a member asked how to run an AutoHotkey script (.AHK) directly from Notepad++ (aka NPP). This video…

726 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question