Go Premium for a chance to win a PS4. Enter to Win

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 953
  • Last Modified:

Disabling Back button of Browser on Logout click

How to disable back button of the browser after logout  like Yahoo,Gmail etc for Security in asp.net
0
Shahid-Abbasi
Asked:
Shahid-Abbasi
  • 6
  • 4
  • 2
  • +3
1 Solution
 
s_chilkuryCommented:
The following javascript disables the back button

<script language="JavaScript">
      javascript:window.history.forward(1);
</script>

It works for both IE and Firefox
0
 
Pratima PharandeCommented:
It is done by javascript. Cut the below script into your page where u want to disable the back button of IE

<script language="JavaScript">
  javascript:window.history.forward(1);
</script>
0
 
quizwedgeCommented:
The JavaScript solutions will work, if they have JavaScript enabled. If you have someone disable JavaScript, you'll still have problems.

One of the clearer articles I found on how to do this from the ASP.NET side is http://www.4guysfromrolla.com/webtech/111500-1.shtml They discuss "disabling" the back button for other reasons, but it should work for you.

Other ASP.NET solutions / explanation of the solution can be found at
http://www.codeproject.com/KB/aspnet/NoCaching.aspx?msg=1193078
http://ranafaisal.wordpress.com/2009/02/20/disabling-browsers-back-functionality-on-logout-from-aspnet/
http://geekswithblogs.net/Frez/articles/back-button-issue-after-logout-in-asp.net.aspx
0
NEW Veeam Backup for Microsoft Office 365 1.5

With Office 365, it’s your data and your responsibility to protect it. NEW Veeam Backup for Microsoft Office 365 eliminates the risk of losing access to your Office 365 data.

 
DhaestCommented:
The "Back" browser button (or for that matter any other browser button) cannot be actually disabled by a web application as the security context will not allow this (think of what nasty things could happen if web applications can remove buttons from client browsers!)

See for more information: http://geekswithblogs.net/vivek/archive/2007/02/24/107148.aspx 


I have had a lot of people ask, "How to I disable the back button?" or, "How do I prevent a user from clicking the back button and going back to the previous screen?" In fact, this is one of the most commonly asked questions on the ASPMessageboard and, sadly, the answer is quite simple: You CANNOT disable the back button of the browser.

Source: http://www.4guysfromrolla.com/webtech/111500-1.shtml 
0
 
PagodNaUtakCommented:
If you are using master page then put the below code in the very first line of your master page page_load event otherwise put the below code in the page_load event of every page of your web application.

The code below ensures that the page is created and the one stored in the browser cached.
Response.Cache.SetCacheability(HttpCacheability.NoCache);

Open in new window

0
 
Shahid-AbbasiAuthor Commented:
thanks for reply me,i use Response.Cache.SetCacheability(HttpCacheability.NoCache); it work fine in ie but not in firefox i also use   Response.Buffer = true;
            Response.ExpiresAbsolute = DateTime.Now.AddDays(-1d);
            Response.Expires = -1500;
            Response.CacheControl = "no-cache";
but same behaviour so how i can solve this issue in firefox
0
 
quizwedgeCommented:
Did you try the following from http://www.4guysfromrolla.com/webtech/111500-1.shtml

<html>
<head>
  <meta http-equiv="Expires" CONTENT="0">
  <meta http-equiv="Cache-Control" CONTENT="no-cache">
  <meta http-equiv="Pragma" CONTENT="no-cache">
</head>

Open in new window


There are some other JavaScript solutions at http://www.4guysfromrolla.com/webtech/111500-1.2.shtml though there is always the possibility that the user will turn JavaScript off.

The directions at http://geekswithblogs.net/Frez/articles/back-button-issue-after-logout-in-asp.net.aspx seem to be a combination of the solutions, which should work for Firefox as well.  If the solution itself doesn't work, you could do what he suggests in the paragraph that starts with "One solution might be to send appropriate headers"
0
 
Shahid-AbbasiAuthor Commented:
I try meta tags but doesn't work in firefox , so when i use this script to disable back button like
  <script type="text/javascript">
                  function noBack() {
              window.history.forward();
              document.getElementById("<%=hdnfirsthit.ClientID %>").value = "1";            
          }
          noBack();
          window.onload = noBack;
          window.onpageshow = function(evt) { if (evt.persisted) noBack(); }
          window.onunload = function() { void (0); }            
</script>

it work in firefox but i want only execute on logout button not other pages.
0
 
quizwedgeCommented:
You can use ClientScript.RegisterStartupScript (see http://bytes.com/topic/c-sharp/answers/849468-client-side-script) to call that function on the logout page.
0
 
Shahid-AbbasiAuthor Commented:
I try this code but it doesn't work in firefox and ie work fine,how i can execute this script after logout
  protected void Page_Init(object Sender, EventArgs e)
    {
        Response.Cache.SetCacheability(HttpCacheability.NoCache);
        Response.Cache.SetExpires(DateTime.Now.AddDays(-1));

    }



  protected void lbtnLogOut_Click(object sender, EventArgs e)
    {
   try
        {
           Page.ClientScript.RegisterStartupScript(this.GetType(), "MyScript", "DisableBackBT();", true);
            Session["LoginType"] = null;
            this.Session.Clear();
            Response.Redirect("Login.aspx", false);
            Response.Cache.SetExpires(DateTime.Now);
        }
        catch (Exception ex)
        {
        }

}

  //Clientside script
   <script type="text/javascript">
   
   
          function noBack() {
              window.history.forward();
                 
          }

          function DisableBackBT()
          {
          noBack();
          window.onload = noBack;
          window.onpageshow = function(evt) { if (evt.persisted) noBack(); }
          window.onunload = function() { void (0); }
          }    
       
</script>




0
 
quizwedgeCommented:
Change your Response.Redirect to
Response.Redirect("Login.aspx?DisableBack=1", false);

Open in new window


Then, instead of Page.ClientScript.RegisterStartupScript being in the lbtnLogOut_Click method, put it in the Page_Load method of the login page. Only run it if the URL variable DisableBack equals 1.

The following line is also not running because it is after the redirect

Response.Cache.SetExpires(DateTime.Now);

Open in new window


0
 
Shahid-AbbasiAuthor Commented:
i will try this solution
0
 
Shahid-AbbasiAuthor Commented:
Response.Cache.SetCacheability(HttpCacheability.NoCache);
Response.Cache.SetExpires(DateTime.Now.AddDays(-1));
Response.Cache.SetNoStore();

These are the lines thats work for me, It works both on IE and Firefox.
0
 
Shahid-AbbasiAuthor Commented:
test comments
0

Featured Post

Ask an Anonymous Question!

Don't feel intimidated by what you don't know. Ask your question anonymously. It's easy! Learn more and upgrade.

  • 6
  • 4
  • 2
  • +3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now