Solved

Disabling Back button of Browser on Logout click

Posted on 2011-02-23
15
901 Views
Last Modified: 2012-05-11
How to disable back button of the browser after logout  like Yahoo,Gmail etc for Security in asp.net
0
Comment
Question by:Shahid-Abbasi
  • 6
  • 4
  • 2
  • +3
15 Comments
 
LVL 9

Expert Comment

by:s_chilkury
ID: 34967620
The following javascript disables the back button

<script language="JavaScript">
      javascript:window.history.forward(1);
</script>

It works for both IE and Firefox
0
 
LVL 39

Expert Comment

by:Pratima Pharande
ID: 34967629
It is done by javascript. Cut the below script into your page where u want to disable the back button of IE

<script language="JavaScript">
  javascript:window.history.forward(1);
</script>
0
 
LVL 14

Expert Comment

by:quizwedge
ID: 34967638
The JavaScript solutions will work, if they have JavaScript enabled. If you have someone disable JavaScript, you'll still have problems.

One of the clearer articles I found on how to do this from the ASP.NET side is http://www.4guysfromrolla.com/webtech/111500-1.shtml They discuss "disabling" the back button for other reasons, but it should work for you.

Other ASP.NET solutions / explanation of the solution can be found at
http://www.codeproject.com/KB/aspnet/NoCaching.aspx?msg=1193078
http://ranafaisal.wordpress.com/2009/02/20/disabling-browsers-back-functionality-on-logout-from-aspnet/
http://geekswithblogs.net/Frez/articles/back-button-issue-after-logout-in-asp.net.aspx
0
 
LVL 39

Expert Comment

by:Pratima Pharande
ID: 34967644
0
 
LVL 53

Expert Comment

by:Dhaest
ID: 34967662
The "Back" browser button (or for that matter any other browser button) cannot be actually disabled by a web application as the security context will not allow this (think of what nasty things could happen if web applications can remove buttons from client browsers!)

See for more information: http://geekswithblogs.net/vivek/archive/2007/02/24/107148.aspx 


I have had a lot of people ask, "How to I disable the back button?" or, "How do I prevent a user from clicking the back button and going back to the previous screen?" In fact, this is one of the most commonly asked questions on the ASPMessageboard and, sadly, the answer is quite simple: You CANNOT disable the back button of the browser.

Source: http://www.4guysfromrolla.com/webtech/111500-1.shtml 
0
 
LVL 8

Expert Comment

by:PagodNaUtak
ID: 34967703
If you are using master page then put the below code in the very first line of your master page page_load event otherwise put the below code in the page_load event of every page of your web application.

The code below ensures that the page is created and the one stored in the browser cached.
Response.Cache.SetCacheability(HttpCacheability.NoCache);

Open in new window

0
 

Author Comment

by:Shahid-Abbasi
ID: 34968612
thanks for reply me,i use Response.Cache.SetCacheability(HttpCacheability.NoCache); it work fine in ie but not in firefox i also use   Response.Buffer = true;
            Response.ExpiresAbsolute = DateTime.Now.AddDays(-1d);
            Response.Expires = -1500;
            Response.CacheControl = "no-cache";
but same behaviour so how i can solve this issue in firefox
0
DevOps Toolchain Recommendations

Read this Gartner Research Note and discover how your IT organization can automate and optimize DevOps processes using a toolchain architecture.

 
LVL 14

Expert Comment

by:quizwedge
ID: 34968680
Did you try the following from http://www.4guysfromrolla.com/webtech/111500-1.shtml

<html>
<head>
  <meta http-equiv="Expires" CONTENT="0">
  <meta http-equiv="Cache-Control" CONTENT="no-cache">
  <meta http-equiv="Pragma" CONTENT="no-cache">
</head>

Open in new window


There are some other JavaScript solutions at http://www.4guysfromrolla.com/webtech/111500-1.2.shtml though there is always the possibility that the user will turn JavaScript off.

The directions at http://geekswithblogs.net/Frez/articles/back-button-issue-after-logout-in-asp.net.aspx seem to be a combination of the solutions, which should work for Firefox as well.  If the solution itself doesn't work, you could do what he suggests in the paragraph that starts with "One solution might be to send appropriate headers"
0
 

Author Comment

by:Shahid-Abbasi
ID: 34968781
I try meta tags but doesn't work in firefox , so when i use this script to disable back button like
  <script type="text/javascript">
                  function noBack() {
              window.history.forward();
              document.getElementById("<%=hdnfirsthit.ClientID %>").value = "1";            
          }
          noBack();
          window.onload = noBack;
          window.onpageshow = function(evt) { if (evt.persisted) noBack(); }
          window.onunload = function() { void (0); }            
</script>

it work in firefox but i want only execute on logout button not other pages.
0
 
LVL 14

Expert Comment

by:quizwedge
ID: 34969283
You can use ClientScript.RegisterStartupScript (see http://bytes.com/topic/c-sharp/answers/849468-client-side-script) to call that function on the logout page.
0
 

Author Comment

by:Shahid-Abbasi
ID: 34977105
I try this code but it doesn't work in firefox and ie work fine,how i can execute this script after logout
  protected void Page_Init(object Sender, EventArgs e)
    {
        Response.Cache.SetCacheability(HttpCacheability.NoCache);
        Response.Cache.SetExpires(DateTime.Now.AddDays(-1));

    }



  protected void lbtnLogOut_Click(object sender, EventArgs e)
    {
   try
        {
           Page.ClientScript.RegisterStartupScript(this.GetType(), "MyScript", "DisableBackBT();", true);
            Session["LoginType"] = null;
            this.Session.Clear();
            Response.Redirect("Login.aspx", false);
            Response.Cache.SetExpires(DateTime.Now);
        }
        catch (Exception ex)
        {
        }

}

  //Clientside script
   <script type="text/javascript">
   
   
          function noBack() {
              window.history.forward();
                 
          }

          function DisableBackBT()
          {
          noBack();
          window.onload = noBack;
          window.onpageshow = function(evt) { if (evt.persisted) noBack(); }
          window.onunload = function() { void (0); }
          }    
       
</script>




0
 
LVL 14

Expert Comment

by:quizwedge
ID: 34978477
Change your Response.Redirect to
Response.Redirect("Login.aspx?DisableBack=1", false);

Open in new window


Then, instead of Page.ClientScript.RegisterStartupScript being in the lbtnLogOut_Click method, put it in the Page_Load method of the login page. Only run it if the URL variable DisableBack equals 1.

The following line is also not running because it is after the redirect

Response.Cache.SetExpires(DateTime.Now);

Open in new window


0
 

Author Comment

by:Shahid-Abbasi
ID: 35146443
i will try this solution
0
 

Accepted Solution

by:
Shahid-Abbasi earned 0 total points
ID: 35372611
Response.Cache.SetCacheability(HttpCacheability.NoCache);
Response.Cache.SetExpires(DateTime.Now.AddDays(-1));
Response.Cache.SetNoStore();

These are the lines thats work for me, It works both on IE and Firefox.
0
 

Author Closing Comment

by:Shahid-Abbasi
ID: 35406754
test comments
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Access Web appliction 7 47
Error in query expression 3 35
Syntax Error 2 45
rebind a grid after user clicks on node in treeview 1 13
IntroductionWhile developing web applications, a single page might contain many regions and each region might contain many number of controls with the capability to perform  postback. Many times you might need to perform some action on an ASP.NET po…
Problem Hi all,    While many today have fast Internet connection, there are many still who do not, or are connecting through devices with a slower connect, so light web pages and fast load times are still popular.    If your ASP.NET page …
Windows 10 is mostly good. However the one thing that annoys me is how many clicks you have to do to dial a VPN connection. You have to go to settings from the start menu, (2 clicks), Network and Internet (1 click), Click VPN (another click) then fi…
As a trusted technology advisor to your customers you are likely getting the daily question of, ‘should I put this in the cloud?’ As customer demands for cloud services increases, companies will see a shift from traditional buying patterns to new…

910 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

25 Experts available now in Live!

Get 1:1 Help Now