Preventing Page Review after Logout with Forms Authentication

Collapse
X
Collapse
 
  • Page of 1
  • Time
  • Show
Clear All
new posts
Previous template Next
  • ravitunk
    New Member
    • Jun 2007
    • 88
    #1

    Preventing Page Review after Logout with Forms Authentication

    hello all...I have an issue with my ASP.net pages, suppose you have logged into a site using your username and password. On correct username and password you are re-directed to the appropriate page. Then if you click your browser's backward navigation button then the login page is shown (where you entered your username and password) and then if you click the browser's forward navigation button then you are re-directed to the page without again asking for the username and password. How can this problem be solved in ASP.net 2005 using C#....I have gone through this article but couldnt resolve...

    http://aspalliance.com/694_Preventing_ Page_Review_aft er_Logout_with_ Forms_Authentic ation.all
    ....Please reply me soon...
    Tags: None
    • Plater
      Recognized Expert Expert
      • Apr 2007
      • 7872
      #2
      That is the correct functionality.

      Now, if the user was LOGGED OUT (which hitting the back button should not do unless you program that page to log a user out) then there would be an issue.

      You should look at setting your pages to be not Cached, and verify that the user is authenticated on each page load

        Comment

        • ravitunk
          New Member
          • Jun 2007
          • 88
          #3
          hello thks for reply...I know not to cache the page...but please put ur answer in detailed way.....I just want how the yahoo mail page works when a user logs out and then hitting the browser back button.......st ill takes to the login page OR..when the user logs in and hits the back browser button(goes to login page) and then forward button(trying to get the secured page)...yahoo takes the user to login page...plz reply me..

            Comment

            • PRR
              Recognized Expert Contributor
              • Dec 2007
              • 750
              #4
              As far as i know ... this happens becoz the page is cached on the "client side".. so the browser displays the page.. as soon as user click on any server control he will have to "login" again.. ...
              the simplest way is to disable back button ( rather make the back button go forward..though i wont recommend this )
              Heres a javascript for it
              Code:
              <script language="JavaScript">
javascript:window.history.forward(1);
</script>

//or better way

<%
Response.CacheControl = "no-cache"
  Response.AddHeader "Pragma", "no-cache"
%>
//C#
Response.Cache.SetCacheability(HttpCacheability.NoCache);
              Check this Microsoft support

                Comment

                • Plater
                  Recognized Expert Expert
                  • Apr 2007
                  • 7872
                  #5
                  On every page load of the "login" page, make the user be logged out.

                  On every protected page, have the page be not cached, and at page load check for credentials (if no credentials, redirect to that login page)

                    Comment

                    Previous template Next
                    Working...