0

I have an asp.net application that requires users to enter private information and they are automatically logged out of the application by session timeout. However, this doesn't prevent them from clicking the back button. I need to disable this.

I have tried every one of these approaches located here: http://www.codeproject.com/Tips/135121/Browser-back-button-issue-after-logout

The first code-block worked great for about a day. Now all of the sudden my browsers IE8 and FF 7.0.1 completely ignore it. In fact, I've tried every possible combination of cache suppressing code I can find on the net, and no matter what I can always click back.

I've deleted the cache on both browsers, tried and re-tried in every combination. Rebooted. Closed VS2008 and re-opened. Placed the code page level, in master page, in my base page. NOTHING. Someone please let me know if they have any suggestions

Improve this question
3
  • Have you debugged what went over the wire with a tool like Fiddler? Commented May 15, 2012 at 12:20
  • I've never used Fiddler. Are there any good tutorials/references? Besides, will it even show me what's being cached and why? Commented May 15, 2012 at 12:29
  • It will show you the HTTP conversation going on, so that you can verify your headers are present, and whether the browser actually revalidated when it should etc. Commented May 15, 2012 at 12:40

1 Answer 1

Reset to default
1

However, this doesn't prevent them from clicking the back button. I need to disable this.

You can't disable the back button. It just isn't possible. What you have to do is make the application so that it will handle when someone uses it. Browsers don't have to follow the rule of cache expiration etc., so your code has to be able handle expired sessions. There is no other way around it. You can have the session expire on the server so it won't allow the person to post data to it, but you can't have it where the back button is unable to be used.

Improve this answer
Sign up to request clarification or add additional context in comments.

2 Comments

I don't mean disable it as in it not appear or be greyed out. But my page USED to just refresh when you'd hit the back button because there was no history to serve up. Now all of the sudden all of my browsers completely ignore any statements regarding the expiration of cache
Right, when I say disable what I mean is make it unable to perform it's function, which is essentially what you are doing. If it worked before and doesn't now, then most likely something changed in the code, which caused the problem. What that is without looking at it is difficult to say. All I am saying is that if you are depending on that to work, then I would think about implementing another strategy in addition to that, as you are depending on the browser to follow the rule you have set.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.