Web Forms - Session is not cleared - maybe?

Working on a new project that's web forms.

I log in, see whatever first page is and there's a log out button. I click "logout" and I get logged out and redirected to the login page. So far so good.

Now, I'm on the login page. I click the back button and I see the first page. I shouldn't tho. It's the user wasn't actually logged out.

Similar issue here but no solution Similar issue

I checked these

Web config

 <authentication mode="Forms">
      <forms name="DVAuth" path="/" loginUrl="user/login.aspx" protection="All" timeout="30" />
    </authentication>

    <authorization>
      <deny users="?" />
    </authorization>

Open in new window


Logout code looks like this

 protected void Page_Load( object sender, EventArgs e )
        {
            var userAccountVo = (UserAccountVO)Session["UserAccount"];
            var ssoLogoutUrl = GetSSOLogoutUrl(userAccountVo);

            // Put user code to initialize the page here
            Session["UserAccount"] = null;
            FormsAuthentication.SignOut();

            Response.Cookies.Remove( "DVAuth" );
            var c = new HttpCookie( "DVAuth" )
            {
                Expires = DateTime.Now.AddYears( -1 )
            };
            // c.Path = "/dvweb";
            Response.Cookies.Add( c );

            Session.Abandon();


            if ( !string.IsNullOrWhiteSpace( ssoLogoutUrl ))
                Response.Redirect( ssoLogoutUrl );
            else
                Response.Redirect( "~/user/login.aspx" );
        }

Open in new window


I did try Session.Clear() but I was still able to click back on the browser and get to the first page.

What else can I check?
LVL 8
CamilliaAsked:
Who is Participating?
 
Kyle AbrahamsSenior .Net DeveloperCommented:
from: http://zeeshanumardotnet.blogspot.com/2010/06/how-do-disable-back-button-in-browser.html

you have to ensure the protected pages don't cache:
Response.Cache.SetCacheability(HttpCacheability.NoCache);
Response.Cache.SetExpires(DateTime.UtcNow.AddHours(-1));
Response.Cache.SetNoStore();
Response.Cache.SetRevalidation(HttpCacheRevalidation.AllCaches);

Open in new window

0
 
CamilliaAuthor Commented:
Thanks, Kyle. Let me take a look.
0
 
CamilliaAuthor Commented:
worked, thanks
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.