Solved

Back Button issue after Logout in ASP.NET - onTick, Redirecting works on DEV but not on PROD environment

Posted on 2014-10-14
2
694 Views
Last Modified: 2014-10-16
Hello,

I've been experiencing a very strange behavior on PROD environment.  

I was told to tighten up the security that after logout, user cannot use browser back button to view pages.  Following the reference link below, I make it works on DEV that when user logs out, it clears session and redirects to login page.  However on PROD environment, on Chrome, Network tab, I see LogoutPage.aspx, status canceled in a loop,  the ticker keeps firing... and I can't do anything but close the browser.

http://geekswithblogs.net/Frez/archive/2010/05/18/back-button-issue-after-logout-in-asp.net.aspx

Below is the message in the 'Headers'

Request URL:https://site.com/LogoutPage.aspx
Request Headers
Provisional headers are shown
Accept:text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Content-Type:application/x-www-form-urlencoded
Origin:https://site.com
Referer:https://site.com/LogoutPage.aspx
User-Agent:Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/37.0.2062.124 Safari/537.36
X-DevTools-Emulate-Network-Conditions-Client-Id:1008F0FA-5726-49CF-876E-CC92AB62CB41
Form Dataview sourceview URL encoded
__EVENTTARGET:ctl00$MainContent$Timer1
__EVENTARGUMENT:
__VIEWSTATE:/wEPDwULLTEwMjE0NDM4MjMPZBYCZg9kFgICAw9kFg4CAQ8PFgIeCEltYWdlVXJsBUVodHRwczovL3NtYXJ0dG9vbHMuc3NpLnNhbXN.....




LogoutPage.aspx
/******************************************************************************/
<asp:Timer ID="Timer1" runat="server" Interval="1000" ontick="Timer1_Tick">  
</asp:Timer>
<script type="text/javascript">
    window.history.forward(1);
</script>
/******************************************************************************/

LogoutPage.aspx.vb
/**************************************************************************************/
Protected Sub Page_Load(ByVal sender As Object, ByVal e As System.EventArgs) Handles Me.Load
        Me.Master.FindControl("TopMenu").Visible = False
        Me.Master.FindControl("LeftMenu1").Visible = False
        Me.Master.FindControl("BreadCrumb1").Visible = False

        Session.Clear()
        Session.Abandon()
        Session.RemoveAll()

        Response.Cache.SetExpires(DateTime.UtcNow.AddMinutes(-1))
        Response.Cache.SetCacheability(HttpCacheability.NoCache)
        Response.Cache.SetNoStore()
 End Sub

Protected Sub Timer1_Tick(ByVal sender As Object, ByVal e As System.EventArgs) Handles Timer1.Tick
        FormsAuthentication.SignOut()
        Response.Redirect("~/LoginPage.aspx", True)
End Sub
/******************************************************************************************/

The problem is I don't have access to PROD so I don't really know what is happening here.  I could replicate the issue on DEV by redirecting to a page not found (LoginPagexxxx.aspx) but that doesn't seem like the issue because 'LoginPage.aspx' is there on PROD, when user is not logged in and tries to access a password protected page, it redirects the user to 'LoginPage.aspx' just fine.

Please tell me what the difference is between DEV & PROD?

Thanks in advance.
0
Comment
Question by:levbao
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 

Accepted Solution

by:
levbao earned 0 total points
ID: 40385209
Never mind.  I solved it by removing the onTick event and put this in master page:

Response.Cache.SetExpires(DateTime.UtcNow.AddMinutes(-1))
Response.Cache.SetCacheability(HttpCacheability.NoCache)
Response.Cache.SetNoStore()

Thanks
0

Featured Post

Announcing the Most Valuable Experts of 2016

MVEs are more concerned with the satisfaction of those they help than with the considerable points they can earn. They are the types of people you feel privileged to call colleagues. Join us in honoring this amazing group of Experts.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Preface This is the third article about the EE Collaborative Login Project. A Better Website Login System (http://www.experts-exchange.com/A_2902.html) introduces the Login System and shows how to implement a login page. The EE Collaborative Logi…
I found this questions asking how to do this in many different forums, so I will describe here how to implement a solution using PHP and AJAX. The logical flow for the problem should be: Write an event handler for the first drop down box to get …
The viewer will learn how to create and use a small PHP class to apply a watermark to an image. This video shows the viewer the setup for the PHP watermark as well as important coding language. Continue to Part 2 to learn the core code used in creat…
This tutorial will teach you the core code needed to finalize the addition of a watermark to your image. The viewer will use a small PHP class to learn and create a watermark.

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question