Solved

Back Button issue after Logout in ASP.NET - onTick, Redirecting works on DEV but not on PROD environment

Posted on 2014-10-14
2
663 Views
Last Modified: 2014-10-16
Hello,

I've been experiencing a very strange behavior on PROD environment.  

I was told to tighten up the security that after logout, user cannot use browser back button to view pages.  Following the reference link below, I make it works on DEV that when user logs out, it clears session and redirects to login page.  However on PROD environment, on Chrome, Network tab, I see LogoutPage.aspx, status canceled in a loop,  the ticker keeps firing... and I can't do anything but close the browser.

http://geekswithblogs.net/Frez/archive/2010/05/18/back-button-issue-after-logout-in-asp.net.aspx

Below is the message in the 'Headers'

Request URL:https://site.com/LogoutPage.aspx
Request Headers
Provisional headers are shown
Accept:text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Content-Type:application/x-www-form-urlencoded
Origin:https://site.com
Referer:https://site.com/LogoutPage.aspx
User-Agent:Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/37.0.2062.124 Safari/537.36
X-DevTools-Emulate-Network-Conditions-Client-Id:1008F0FA-5726-49CF-876E-CC92AB62CB41
Form Dataview sourceview URL encoded
__EVENTTARGET:ctl00$MainContent$Timer1
__EVENTARGUMENT:
__VIEWSTATE:/wEPDwULLTEwMjE0NDM4MjMPZBYCZg9kFgICAw9kFg4CAQ8PFgIeCEltYWdlVXJsBUVodHRwczovL3NtYXJ0dG9vbHMuc3NpLnNhbXN.....




LogoutPage.aspx
/******************************************************************************/
<asp:Timer ID="Timer1" runat="server" Interval="1000" ontick="Timer1_Tick">  
</asp:Timer>
<script type="text/javascript">
    window.history.forward(1);
</script>
/******************************************************************************/

LogoutPage.aspx.vb
/**************************************************************************************/
Protected Sub Page_Load(ByVal sender As Object, ByVal e As System.EventArgs) Handles Me.Load
        Me.Master.FindControl("TopMenu").Visible = False
        Me.Master.FindControl("LeftMenu1").Visible = False
        Me.Master.FindControl("BreadCrumb1").Visible = False

        Session.Clear()
        Session.Abandon()
        Session.RemoveAll()

        Response.Cache.SetExpires(DateTime.UtcNow.AddMinutes(-1))
        Response.Cache.SetCacheability(HttpCacheability.NoCache)
        Response.Cache.SetNoStore()
 End Sub

Protected Sub Timer1_Tick(ByVal sender As Object, ByVal e As System.EventArgs) Handles Timer1.Tick
        FormsAuthentication.SignOut()
        Response.Redirect("~/LoginPage.aspx", True)
End Sub
/******************************************************************************************/

The problem is I don't have access to PROD so I don't really know what is happening here.  I could replicate the issue on DEV by redirecting to a page not found (LoginPagexxxx.aspx) but that doesn't seem like the issue because 'LoginPage.aspx' is there on PROD, when user is not logged in and tries to access a password protected page, it redirects the user to 'LoginPage.aspx' just fine.

Please tell me what the difference is between DEV & PROD?

Thanks in advance.
0
Comment
Question by:levbao
2 Comments
 

Accepted Solution

by:
levbao earned 0 total points
ID: 40385209
Never mind.  I solved it by removing the onTick event and put this in master page:

Response.Cache.SetExpires(DateTime.UtcNow.AddMinutes(-1))
Response.Cache.SetCacheability(HttpCacheability.NoCache)
Response.Cache.SetNoStore()

Thanks
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
JavaScript error 1 52
Why is some text in blue in Visual Studio? 6 22
Run time Error 4 34
Make an ajax call ithat alters url and updates a listview in asp.net 1 19
Introduction A frequently used term in Object-Oriented design is "SOLID" which is a mnemonic acronym that covers five principles of OO design.  These principles do not stand alone; there is interplay among them.  And they are not laws, merely princ…
It was really hard time for me to get the understanding of Delegates in C#. I went through many websites and articles but I found them very clumsy. After going through those sites, I noted down the points in a easy way so here I am sharing that unde…
The viewer will learn the basics of jQuery including how to code hide show and toggles. Reference your jQuery libraries: (CODE) Include your new external js/jQuery file: (CODE) Write your first lines of code to setup your site for jQuery…
Use Wufoo, an online form creation tool, to make powerful forms. Learn how to selectively show certain fields based on user input using rules to gather relevant information and data from your forms. The rules feature provides you with an opportunity…

919 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

14 Experts available now in Live!

Get 1:1 Help Now