Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Back Button issue after Logout in ASP.NET - onTick, Redirecting works on DEV but not on PROD environment

Posted on 2014-10-14
2
Medium Priority
?
718 Views
Last Modified: 2014-10-16
Hello,

I've been experiencing a very strange behavior on PROD environment.  

I was told to tighten up the security that after logout, user cannot use browser back button to view pages.  Following the reference link below, I make it works on DEV that when user logs out, it clears session and redirects to login page.  However on PROD environment, on Chrome, Network tab, I see LogoutPage.aspx, status canceled in a loop,  the ticker keeps firing... and I can't do anything but close the browser.

http://geekswithblogs.net/Frez/archive/2010/05/18/back-button-issue-after-logout-in-asp.net.aspx

Below is the message in the 'Headers'

Request URL:https://site.com/LogoutPage.aspx
Request Headers
Provisional headers are shown
Accept:text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Content-Type:application/x-www-form-urlencoded
Origin:https://site.com
Referer:https://site.com/LogoutPage.aspx
User-Agent:Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/37.0.2062.124 Safari/537.36
X-DevTools-Emulate-Network-Conditions-Client-Id:1008F0FA-5726-49CF-876E-CC92AB62CB41
Form Dataview sourceview URL encoded
__EVENTTARGET:ctl00$MainContent$Timer1
__EVENTARGUMENT:
__VIEWSTATE:/wEPDwULLTEwMjE0NDM4MjMPZBYCZg9kFgICAw9kFg4CAQ8PFgIeCEltYWdlVXJsBUVodHRwczovL3NtYXJ0dG9vbHMuc3NpLnNhbXN.....




LogoutPage.aspx
/******************************************************************************/
<asp:Timer ID="Timer1" runat="server" Interval="1000" ontick="Timer1_Tick">  
</asp:Timer>
<script type="text/javascript">
    window.history.forward(1);
</script>
/******************************************************************************/

LogoutPage.aspx.vb
/**************************************************************************************/
Protected Sub Page_Load(ByVal sender As Object, ByVal e As System.EventArgs) Handles Me.Load
        Me.Master.FindControl("TopMenu").Visible = False
        Me.Master.FindControl("LeftMenu1").Visible = False
        Me.Master.FindControl("BreadCrumb1").Visible = False

        Session.Clear()
        Session.Abandon()
        Session.RemoveAll()

        Response.Cache.SetExpires(DateTime.UtcNow.AddMinutes(-1))
        Response.Cache.SetCacheability(HttpCacheability.NoCache)
        Response.Cache.SetNoStore()
 End Sub

Protected Sub Timer1_Tick(ByVal sender As Object, ByVal e As System.EventArgs) Handles Timer1.Tick
        FormsAuthentication.SignOut()
        Response.Redirect("~/LoginPage.aspx", True)
End Sub
/******************************************************************************************/

The problem is I don't have access to PROD so I don't really know what is happening here.  I could replicate the issue on DEV by redirecting to a page not found (LoginPagexxxx.aspx) but that doesn't seem like the issue because 'LoginPage.aspx' is there on PROD, when user is not logged in and tries to access a password protected page, it redirects the user to 'LoginPage.aspx' just fine.

Please tell me what the difference is between DEV & PROD?

Thanks in advance.
0
Comment
Question by:levbao
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 

Accepted Solution

by:
levbao earned 0 total points
ID: 40385209
Never mind.  I solved it by removing the onTick event and put this in master page:

Response.Cache.SetExpires(DateTime.UtcNow.AddMinutes(-1))
Response.Cache.SetCacheability(HttpCacheability.NoCache)
Response.Cache.SetNoStore()

Thanks
0

Featured Post

Plesk WordPress Toolkit

Plesk's WordPress Toolkit allows server administrators, resellers and customers to manage their WordPress instances, enabling a variety of development workflows for WordPress admins of all skill levels, from beginners to pros.

See why 2/3 of Plesk servers use it.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Have you tried to learn about Unicode, UTF-8, and multibyte text encoding and all the articles are just too "academic" or too technical? This article aims to make the whole topic easy for just about anyone to understand.
International Data Corporation (IDC) prognosticates that before the current the year gets over disbursing on IT framework products to be sent in cloud environs will be $37.1B.
This video teaches users how to migrate an existing Wordpress website to a new domain.
The viewer will learn how to dynamically set the form action using jQuery.

688 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question