Have a "standard" asp.net web solution which uses the standard asp.net
authentication and authorization methods (forms authentication) .
Some users have raised concern that even if you logout (which brings
the user back to the login.aspx page) you can seemingly navigate back
in via the back-button and the browser history.
If user A is viewing a page and then clicks logout and leaves (browser
not at login.aspx). User B comes along and can easily click "back" in
the browser to see what user A was doing.
One way around this would be to prevent client-side caching by the
browser, but I dont want to remove the users ability to use "back" and
"forward".
I'm considering making some javascript that via AJAX check with the
server onLoad that the session is still valid. This means that each
page request results in yet another server call. Another option could
perhaps be checking for a cookie that I delete when logging out.
Any tips? How have you solved this problem?
authentication and authorization methods (forms authentication) .
Some users have raised concern that even if you logout (which brings
the user back to the login.aspx page) you can seemingly navigate back
in via the back-button and the browser history.
If user A is viewing a page and then clicks logout and leaves (browser
not at login.aspx). User B comes along and can easily click "back" in
the browser to see what user A was doing.
One way around this would be to prevent client-side caching by the
browser, but I dont want to remove the users ability to use "back" and
"forward".
I'm considering making some javascript that via AJAX check with the
server onLoad that the session is still valid. This means that each
page request results in yet another server call. Another option could
perhaps be checking for a cookie that I delete when logging out.
Any tips? How have you solved this problem?
Comment