Solved

Disabling Back button of Browser on Logout click

Posted on 2011-02-23
15
926 Views
Last Modified: 2012-05-11
How to disable back button of the browser after logout  like Yahoo,Gmail etc for Security in asp.net
0
Comment
Question by:Shahid-Abbasi
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 6
  • 4
  • 2
  • +3
15 Comments
 
LVL 9

Expert Comment

by:s_chilkury
ID: 34967620
The following javascript disables the back button

<script language="JavaScript">
      javascript:window.history.forward(1);
</script>

It works for both IE and Firefox
0
 
LVL 39

Expert Comment

by:Pratima Pharande
ID: 34967629
It is done by javascript. Cut the below script into your page where u want to disable the back button of IE

<script language="JavaScript">
  javascript:window.history.forward(1);
</script>
0
 
LVL 14

Expert Comment

by:quizwedge
ID: 34967638
The JavaScript solutions will work, if they have JavaScript enabled. If you have someone disable JavaScript, you'll still have problems.

One of the clearer articles I found on how to do this from the ASP.NET side is http://www.4guysfromrolla.com/webtech/111500-1.shtml They discuss "disabling" the back button for other reasons, but it should work for you.

Other ASP.NET solutions / explanation of the solution can be found at
http://www.codeproject.com/KB/aspnet/NoCaching.aspx?msg=1193078
http://ranafaisal.wordpress.com/2009/02/20/disabling-browsers-back-functionality-on-logout-from-aspnet/
http://geekswithblogs.net/Frez/articles/back-button-issue-after-logout-in-asp.net.aspx
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 39

Expert Comment

by:Pratima Pharande
ID: 34967644
0
 
LVL 53

Expert Comment

by:Dhaest
ID: 34967662
The "Back" browser button (or for that matter any other browser button) cannot be actually disabled by a web application as the security context will not allow this (think of what nasty things could happen if web applications can remove buttons from client browsers!)

See for more information: http://geekswithblogs.net/vivek/archive/2007/02/24/107148.aspx 


I have had a lot of people ask, "How to I disable the back button?" or, "How do I prevent a user from clicking the back button and going back to the previous screen?" In fact, this is one of the most commonly asked questions on the ASPMessageboard and, sadly, the answer is quite simple: You CANNOT disable the back button of the browser.

Source: http://www.4guysfromrolla.com/webtech/111500-1.shtml 
0
 
LVL 8

Expert Comment

by:PagodNaUtak
ID: 34967703
If you are using master page then put the below code in the very first line of your master page page_load event otherwise put the below code in the page_load event of every page of your web application.

The code below ensures that the page is created and the one stored in the browser cached.
Response.Cache.SetCacheability(HttpCacheability.NoCache);

Open in new window

0
 

Author Comment

by:Shahid-Abbasi
ID: 34968612
thanks for reply me,i use Response.Cache.SetCacheability(HttpCacheability.NoCache); it work fine in ie but not in firefox i also use   Response.Buffer = true;
            Response.ExpiresAbsolute = DateTime.Now.AddDays(-1d);
            Response.Expires = -1500;
            Response.CacheControl = "no-cache";
but same behaviour so how i can solve this issue in firefox
0
 
LVL 14

Expert Comment

by:quizwedge
ID: 34968680
Did you try the following from http://www.4guysfromrolla.com/webtech/111500-1.shtml

<html>
<head>
  <meta http-equiv="Expires" CONTENT="0">
  <meta http-equiv="Cache-Control" CONTENT="no-cache">
  <meta http-equiv="Pragma" CONTENT="no-cache">
</head>

Open in new window


There are some other JavaScript solutions at http://www.4guysfromrolla.com/webtech/111500-1.2.shtml though there is always the possibility that the user will turn JavaScript off.

The directions at http://geekswithblogs.net/Frez/articles/back-button-issue-after-logout-in-asp.net.aspx seem to be a combination of the solutions, which should work for Firefox as well.  If the solution itself doesn't work, you could do what he suggests in the paragraph that starts with "One solution might be to send appropriate headers"
0
 

Author Comment

by:Shahid-Abbasi
ID: 34968781
I try meta tags but doesn't work in firefox , so when i use this script to disable back button like
  <script type="text/javascript">
                  function noBack() {
              window.history.forward();
              document.getElementById("<%=hdnfirsthit.ClientID %>").value = "1";            
          }
          noBack();
          window.onload = noBack;
          window.onpageshow = function(evt) { if (evt.persisted) noBack(); }
          window.onunload = function() { void (0); }            
</script>

it work in firefox but i want only execute on logout button not other pages.
0
 
LVL 14

Expert Comment

by:quizwedge
ID: 34969283
You can use ClientScript.RegisterStartupScript (see http://bytes.com/topic/c-sharp/answers/849468-client-side-script) to call that function on the logout page.
0
 

Author Comment

by:Shahid-Abbasi
ID: 34977105
I try this code but it doesn't work in firefox and ie work fine,how i can execute this script after logout
  protected void Page_Init(object Sender, EventArgs e)
    {
        Response.Cache.SetCacheability(HttpCacheability.NoCache);
        Response.Cache.SetExpires(DateTime.Now.AddDays(-1));

    }



  protected void lbtnLogOut_Click(object sender, EventArgs e)
    {
   try
        {
           Page.ClientScript.RegisterStartupScript(this.GetType(), "MyScript", "DisableBackBT();", true);
            Session["LoginType"] = null;
            this.Session.Clear();
            Response.Redirect("Login.aspx", false);
            Response.Cache.SetExpires(DateTime.Now);
        }
        catch (Exception ex)
        {
        }

}

  //Clientside script
   <script type="text/javascript">
   
   
          function noBack() {
              window.history.forward();
                 
          }

          function DisableBackBT()
          {
          noBack();
          window.onload = noBack;
          window.onpageshow = function(evt) { if (evt.persisted) noBack(); }
          window.onunload = function() { void (0); }
          }    
       
</script>




0
 
LVL 14

Expert Comment

by:quizwedge
ID: 34978477
Change your Response.Redirect to
Response.Redirect("Login.aspx?DisableBack=1", false);

Open in new window


Then, instead of Page.ClientScript.RegisterStartupScript being in the lbtnLogOut_Click method, put it in the Page_Load method of the login page. Only run it if the URL variable DisableBack equals 1.

The following line is also not running because it is after the redirect

Response.Cache.SetExpires(DateTime.Now);

Open in new window


0
 

Author Comment

by:Shahid-Abbasi
ID: 35146443
i will try this solution
0
 

Accepted Solution

by:
Shahid-Abbasi earned 0 total points
ID: 35372611
Response.Cache.SetCacheability(HttpCacheability.NoCache);
Response.Cache.SetExpires(DateTime.Now.AddDays(-1));
Response.Cache.SetNoStore();

These are the lines thats work for me, It works both on IE and Firefox.
0
 

Author Closing Comment

by:Shahid-Abbasi
ID: 35406754
test comments
0

Featured Post

Guide to Performance: Optimization & Monitoring

Nowadays, monitoring is a mixture of tools, systems, and codes—making it a very complex process. And with this complexity, comes variables for failure. Get DZone’s new Guide to Performance to learn how to proactively find these variables and solve them before a disruption occurs.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

This document covers how to connect to SQL Server and browse its contents.  It is meant for those new to Visual Studio and/or working with Microsoft SQL Server.  It is not a guide to building SQL Server database connections in your code.  This is mo…
Wouldn’t it be nice if you could test whether an element is contained in an array by using a Contains method just like the one available on List objects? Wouldn’t it be good if you could write code like this? (CODE) In .NET 3.5, this is possible…
I've attached the XLSM Excel spreadsheet I used in the video and also text files containing the macros used below. https://filedb.experts-exchange.com/incoming/2017/03_w12/1151775/Permutations.txt https://filedb.experts-exchange.com/incoming/201…

756 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question