Solved

Back Button issue after Logout in ASP.NET - onTick, Redirecting works on DEV but not on PROD environment

Posted on 2014-10-14
Last Modified: 2014-10-16
Hello,

I've been experiencing very strange behavior in the PROD environment.

I was told to tighten up security so that after logout, the user cannot use the browser back button to view pages. Following the reference link below, I made it work on DEV: when the user logs out, it clears the session and redirects to the login page. However, in the PROD environment, in Chrome's Network tab, I see LogoutPage.aspx with status canceled in a loop; the ticker keeps firing, and I can't do anything but close the browser.

http://geekswithblogs.net/Frez/archive/2010/05/18/back-button-issue-after-logout-in-asp.net.aspx

Below is the message in the 'Headers'

Request URL:https://site.com/LogoutPage.aspx
Request Headers
Provisional headers are shown
Accept:text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Content-Type:application/x-www-form-urlencoded
Origin:https://site.com
Referer:https://site.com/LogoutPage.aspx
User-Agent:Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/37.0.2062.124 Safari/537.36
X-DevTools-Emulate-Network-Conditions-Client-Id:1008F0FA-5726-49CF-876E-CC92AB62CB41
Form Data
__EVENTTARGET:ctl00$MainContent$Timer1
__EVENTARGUMENT:
__VIEWSTATE:/wEPDwULLTEwMjE0NDM4MjMPZBYCZg9kFgICAw9kFg4CAQ8PFgIeCEltYWdlVXJsBUVodHRwczovL3NtYXJ0dG9vbHMuc3NpLnNhbXN.....




LogoutPage.aspx
/******************************************************************************/
<asp:Timer ID="Timer1" runat="server" Interval="1000" ontick="Timer1_Tick">  
</asp:Timer>
<script type="text/javascript">
    window.history.forward(1);
</script>
/******************************************************************************/

LogoutPage.aspx.vb
/**************************************************************************************/
Protected Sub Page_Load(ByVal sender As Object, ByVal e As System.EventArgs) Handles Me.Load
        Me.Master.FindControl("TopMenu").Visible = False
        Me.Master.FindControl("LeftMenu1").Visible = False
        Me.Master.FindControl("BreadCrumb1").Visible = False

        Session.Clear()
        Session.Abandon()
        Session.RemoveAll()

        Response.Cache.SetExpires(DateTime.UtcNow.AddMinutes(-1))
        Response.Cache.SetCacheability(HttpCacheability.NoCache)
        Response.Cache.SetNoStore()
End Sub

Protected Sub Timer1_Tick(ByVal sender As Object, ByVal e As System.EventArgs) Handles Timer1.Tick
        FormsAuthentication.SignOut()
        Response.Redirect("~/LoginPage.aspx", True)
End Sub
/******************************************************************************************/

The problem is I don't have access to PROD, so I don't really know what is happening here. I could replicate the issue on DEV by redirecting to a page that is not found (LoginPagexxxx.aspx), but that doesn't seem like the issue because 'LoginPage.aspx' is there on PROD: when a user is not logged in and tries to access a password-protected page, it redirects the user to 'LoginPage.aspx' just fine.

Please tell me what the difference is between DEV & PROD?

Thanks in advance.
Question by:levbao

Accepted Solution

by: levbao
Never mind. I solved it by removing the onTick event and putting this in the master page:

Response.Cache.SetExpires(DateTime.UtcNow.AddMinutes(-1))
Response.Cache.SetCacheability(HttpCacheability.NoCache)
Response.Cache.SetNoStore()

Thanks
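The approach in the accepted solution, written out as an added example (not the poster's code): the cache headers move to the master page so every content page sends them, and the logout page signs out during its initial request instead of in a Timer postback. The class names `SiteMaster` and `LogoutPage`, the placement of `FormsAuthentication.SignOut()` in `Page_Load`, and the default `ASP.NET_SessionId` cookie name are assumptions.

```vb
' Added example: hypothetical class names, not the poster's actual files.
Imports System
Imports System.Web
Imports System.Web.Security

' Master page code-behind: every content page using it sends these headers.
Partial Public Class SiteMaster
    Inherits System.Web.UI.MasterPage

    Protected Sub Page_Init(ByVal sender As Object, ByVal e As EventArgs) Handles Me.Init
        ' Keep the browser and intermediaries from storing authenticated
        ' pages, so Back after logout causes a new request to the server.
        Response.Cache.SetExpires(DateTime.UtcNow.AddMinutes(-1))
        Response.Cache.SetCacheability(HttpCacheability.NoCache)
        Response.Cache.SetNoStore()
    End Sub
End Class

' LogoutPage.aspx.vb: sign out in the first request, no Timer postback.
Partial Public Class LogoutPage
    Inherits System.Web.UI.Page

    Protected Sub Page_Load(ByVal sender As Object, ByVal e As EventArgs) Handles Me.Load
        Session.Clear()
        Session.Abandon()
        FormsAuthentication.SignOut()   ' expires the forms-auth ticket cookie

        ' Assumption: default session cookie name. Expiring it stops the
        ' browser from sending the abandoned session ID again.
        Dim expired As New HttpCookie("ASP.NET_SessionId", String.Empty)
        expired.Expires = DateTime.UtcNow.AddDays(-1)
        expired.HttpOnly = True
        expired.Secure = Request.IsSecureConnection
        Response.Cookies.Add(expired)

        ' endResponse:=False avoids the ThreadAbortException raised by
        ' Response.Redirect(url, True); CompleteRequest then skips the
        ' remaining pipeline events for this request.
        Response.Redirect("~/LoginPage.aspx", False)
        Context.ApplicationInstance.CompleteRequest()
    End Sub
End Class
```

The `window.history.forward(1)` script from the question is not needed here: the cache headers are what force the browser to ask the server again, and the server then redirects the signed-out user to the login page.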