Solved

Back Button issue after Logout in ASP.NET - onTick, Redirecting works on DEV but not on PROD environment

Posted on 2014-10-14
2
686 Views
Last Modified: 2014-10-16
Hello,

I've been experiencing a very strange behavior on PROD environment.  

I was told to tighten up the security that after logout, user cannot use browser back button to view pages.  Following the reference link below, I make it works on DEV that when user logs out, it clears session and redirects to login page.  However on PROD environment, on Chrome, Network tab, I see LogoutPage.aspx, status canceled in a loop,  the ticker keeps firing... and I can't do anything but close the browser.

http://geekswithblogs.net/Frez/archive/2010/05/18/back-button-issue-after-logout-in-asp.net.aspx

Below is the message in the 'Headers'

Request URL:https://site.com/LogoutPage.aspx
Request Headers
Provisional headers are shown
Accept:text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Content-Type:application/x-www-form-urlencoded
Origin:https://site.com
Referer:https://site.com/LogoutPage.aspx
User-Agent:Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/37.0.2062.124 Safari/537.36
X-DevTools-Emulate-Network-Conditions-Client-Id:1008F0FA-5726-49CF-876E-CC92AB62CB41
Form Dataview sourceview URL encoded
__EVENTTARGET:ctl00$MainContent$Timer1
__EVENTARGUMENT:
__VIEWSTATE:/wEPDwULLTEwMjE0NDM4MjMPZBYCZg9kFgICAw9kFg4CAQ8PFgIeCEltYWdlVXJsBUVodHRwczovL3NtYXJ0dG9vbHMuc3NpLnNhbXN.....




LogoutPage.aspx
/******************************************************************************/
<asp:Timer ID="Timer1" runat="server" Interval="1000" ontick="Timer1_Tick">  
</asp:Timer>
<script type="text/javascript">
    window.history.forward(1);
</script>
/******************************************************************************/

LogoutPage.aspx.vb
/**************************************************************************************/
Protected Sub Page_Load(ByVal sender As Object, ByVal e As System.EventArgs) Handles Me.Load
        Me.Master.FindControl("TopMenu").Visible = False
        Me.Master.FindControl("LeftMenu1").Visible = False
        Me.Master.FindControl("BreadCrumb1").Visible = False

        Session.Clear()
        Session.Abandon()
        Session.RemoveAll()

        Response.Cache.SetExpires(DateTime.UtcNow.AddMinutes(-1))
        Response.Cache.SetCacheability(HttpCacheability.NoCache)
        Response.Cache.SetNoStore()
 End Sub

Protected Sub Timer1_Tick(ByVal sender As Object, ByVal e As System.EventArgs) Handles Timer1.Tick
        FormsAuthentication.SignOut()
        Response.Redirect("~/LoginPage.aspx", True)
End Sub
/******************************************************************************************/

The problem is I don't have access to PROD so I don't really know what is happening here.  I could replicate the issue on DEV by redirecting to a page not found (LoginPagexxxx.aspx) but that doesn't seem like the issue because 'LoginPage.aspx' is there on PROD, when user is not logged in and tries to access a password protected page, it redirects the user to 'LoginPage.aspx' just fine.

Please tell me what the difference is between DEV & PROD?

Thanks in advance.
0
Comment
Question by:levbao
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 

Accepted Solution

by:
levbao earned 0 total points
ID: 40385209
Never mind.  I solved it by removing the onTick event and put this in master page:

Response.Cache.SetExpires(DateTime.UtcNow.AddMinutes(-1))
Response.Cache.SetCacheability(HttpCacheability.NoCache)
Response.Cache.SetNoStore()

Thanks
0

Featured Post

Free Tool: Postgres Monitoring System

A PHP and Perl based system to collect and display usage statistics from PostgreSQL databases.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A publishing tool, a Version Control System, or a Collaboration Platform! These can be some of the defining words for the two very famous web-hosting Git repositories: Bitbucket and Github. Git is widely used amongst the programmers and developers f…
Have you tried to learn about Unicode, UTF-8, and multibyte text encoding and all the articles are just too "academic" or too technical? This article aims to make the whole topic easy for just about anyone to understand.
The viewer will learn the basics of jQuery, including how to invoke it on a web page. Reference your jQuery libraries: (CODE) Include your new external js/jQuery file: (CODE) Write your first lines of code to setup your site for jQuery.: (CODE)
The viewer will learn the basics of jQuery including how to code hide show and toggles. Reference your jQuery libraries: (CODE) Include your new external js/jQuery file: (CODE) Write your first lines of code to setup your site for jQuery…

749 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question