?
Solved

Disabling Back button of Browser on Logout click

Posted on 2011-02-23
15
Medium Priority
?
960 Views
Last Modified: 2012-05-11
How to disable back button of the browser after logout  like Yahoo,Gmail etc for Security in asp.net
0
Comment
Question by:Shahid-Abbasi
  • 6
  • 4
  • 2
  • +3
15 Comments
 
LVL 9

Expert Comment

by:s_chilkury
ID: 34967620
The following javascript disables the back button

<script language="JavaScript">
      javascript:window.history.forward(1);
</script>

It works for both IE and Firefox
0
 
LVL 39

Expert Comment

by:Pratima Pharande
ID: 34967629
It is done by javascript. Cut the below script into your page where u want to disable the back button of IE

<script language="JavaScript">
  javascript:window.history.forward(1);
</script>
0
 
LVL 14

Expert Comment

by:quizwedge
ID: 34967638
The JavaScript solutions will work, if they have JavaScript enabled. If you have someone disable JavaScript, you'll still have problems.

One of the clearer articles I found on how to do this from the ASP.NET side is http://www.4guysfromrolla.com/webtech/111500-1.shtml They discuss "disabling" the back button for other reasons, but it should work for you.

Other ASP.NET solutions / explanation of the solution can be found at
http://www.codeproject.com/KB/aspnet/NoCaching.aspx?msg=1193078
http://ranafaisal.wordpress.com/2009/02/20/disabling-browsers-back-functionality-on-logout-from-aspnet/
http://geekswithblogs.net/Frez/articles/back-button-issue-after-logout-in-asp.net.aspx
0
The new generation of project management tools

With monday.com’s project management tool, you can see what everyone on your team is working in a single glance. Its intuitive dashboards are customizable, so you can create systems that work for you.

 
LVL 39

Expert Comment

by:Pratima Pharande
ID: 34967644
0
 
LVL 53

Expert Comment

by:Dhaest
ID: 34967662
The "Back" browser button (or for that matter any other browser button) cannot be actually disabled by a web application as the security context will not allow this (think of what nasty things could happen if web applications can remove buttons from client browsers!)

See for more information: http://geekswithblogs.net/vivek/archive/2007/02/24/107148.aspx 


I have had a lot of people ask, "How to I disable the back button?" or, "How do I prevent a user from clicking the back button and going back to the previous screen?" In fact, this is one of the most commonly asked questions on the ASPMessageboard and, sadly, the answer is quite simple: You CANNOT disable the back button of the browser.

Source: http://www.4guysfromrolla.com/webtech/111500-1.shtml 
0
 
LVL 8

Expert Comment

by:PagodNaUtak
ID: 34967703
If you are using master page then put the below code in the very first line of your master page page_load event otherwise put the below code in the page_load event of every page of your web application.

The code below ensures that the page is created and the one stored in the browser cached.
Response.Cache.SetCacheability(HttpCacheability.NoCache);

Open in new window

0
 

Author Comment

by:Shahid-Abbasi
ID: 34968612
thanks for reply me,i use Response.Cache.SetCacheability(HttpCacheability.NoCache); it work fine in ie but not in firefox i also use   Response.Buffer = true;
            Response.ExpiresAbsolute = DateTime.Now.AddDays(-1d);
            Response.Expires = -1500;
            Response.CacheControl = "no-cache";
but same behaviour so how i can solve this issue in firefox
0
 
LVL 14

Expert Comment

by:quizwedge
ID: 34968680
Did you try the following from http://www.4guysfromrolla.com/webtech/111500-1.shtml

<html>
<head>
  <meta http-equiv="Expires" CONTENT="0">
  <meta http-equiv="Cache-Control" CONTENT="no-cache">
  <meta http-equiv="Pragma" CONTENT="no-cache">
</head>

Open in new window


There are some other JavaScript solutions at http://www.4guysfromrolla.com/webtech/111500-1.2.shtml though there is always the possibility that the user will turn JavaScript off.

The directions at http://geekswithblogs.net/Frez/articles/back-button-issue-after-logout-in-asp.net.aspx seem to be a combination of the solutions, which should work for Firefox as well.  If the solution itself doesn't work, you could do what he suggests in the paragraph that starts with "One solution might be to send appropriate headers"
0
 

Author Comment

by:Shahid-Abbasi
ID: 34968781
I try meta tags but doesn't work in firefox , so when i use this script to disable back button like
  <script type="text/javascript">
                  function noBack() {
              window.history.forward();
              document.getElementById("<%=hdnfirsthit.ClientID %>").value = "1";            
          }
          noBack();
          window.onload = noBack;
          window.onpageshow = function(evt) { if (evt.persisted) noBack(); }
          window.onunload = function() { void (0); }            
</script>

it work in firefox but i want only execute on logout button not other pages.
0
 
LVL 14

Expert Comment

by:quizwedge
ID: 34969283
You can use ClientScript.RegisterStartupScript (see http://bytes.com/topic/c-sharp/answers/849468-client-side-script) to call that function on the logout page.
0
 

Author Comment

by:Shahid-Abbasi
ID: 34977105
I try this code but it doesn't work in firefox and ie work fine,how i can execute this script after logout
  protected void Page_Init(object Sender, EventArgs e)
    {
        Response.Cache.SetCacheability(HttpCacheability.NoCache);
        Response.Cache.SetExpires(DateTime.Now.AddDays(-1));

    }



  protected void lbtnLogOut_Click(object sender, EventArgs e)
    {
   try
        {
           Page.ClientScript.RegisterStartupScript(this.GetType(), "MyScript", "DisableBackBT();", true);
            Session["LoginType"] = null;
            this.Session.Clear();
            Response.Redirect("Login.aspx", false);
            Response.Cache.SetExpires(DateTime.Now);
        }
        catch (Exception ex)
        {
        }

}

  //Clientside script
   <script type="text/javascript">
   
   
          function noBack() {
              window.history.forward();
                 
          }

          function DisableBackBT()
          {
          noBack();
          window.onload = noBack;
          window.onpageshow = function(evt) { if (evt.persisted) noBack(); }
          window.onunload = function() { void (0); }
          }    
       
</script>




0
 
LVL 14

Expert Comment

by:quizwedge
ID: 34978477
Change your Response.Redirect to
Response.Redirect("Login.aspx?DisableBack=1", false);

Open in new window


Then, instead of Page.ClientScript.RegisterStartupScript being in the lbtnLogOut_Click method, put it in the Page_Load method of the login page. Only run it if the URL variable DisableBack equals 1.

The following line is also not running because it is after the redirect

Response.Cache.SetExpires(DateTime.Now);

Open in new window


0
 

Author Comment

by:Shahid-Abbasi
ID: 35146443
i will try this solution
0
 

Accepted Solution

by:
Shahid-Abbasi earned 0 total points
ID: 35372611
Response.Cache.SetCacheability(HttpCacheability.NoCache);
Response.Cache.SetExpires(DateTime.Now.AddDays(-1));
Response.Cache.SetNoStore();

These are the lines thats work for me, It works both on IE and Firefox.
0
 

Author Closing Comment

by:Shahid-Abbasi
ID: 35406754
test comments
0

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In real business world data are crucial and sometimes data are shared among different information systems. Hence, an agreeable file transfer protocol need to be established.
Hello there! As a developer I have modified and refactored the unit tests which was written by fellow developers in the past. On the course, I have gone through various misconceptions and technical challenges when it comes to implementation. I would…
Free Data Recovery software is an advanced solution from Kernel Tools to recover data and files such as documents, emails, database, media and pictures, etc. It supports recovery from physical & logical drive after a hard disk crash, accidental/inte…
Get the source code for a fully functional Access application shell with several popular security features that Access VBA application developers desire, but find difficult or impossible to figure out how to code. You get the source code for managi…
Suggested Courses

588 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question