3

I'm trying to clear session in 'logout' link usingSession.Abandon();. After Logout I redirected back to login page.But even after logout I could visit previous pages using browser's back button. How can I solve it?

Improve this question
1
  • If you reload (F5) the page from the history, can you still continue using the site? or are you redirected back to the login screen? Commented Oct 24, 2012 at 9:23

4 Answers 4

Reset to default
1

Based on your comments, your session HAS been abandoned.

What you're seeing is a "snapshot" of the page saved in the cache by the browser. As long as in your code behind you make sure that you have a valid session before allowing the user to perform any tasks on your pages, you should be fine.

There are various answers on how to try and disable the cache, so that pressing the back button won't show the previous page - but as far as it goes to your question - you HAVE logged out and your session IS gone...

Improve this answer
Sign up to request clarification or add additional context in comments.

2 Comments

ok thanks.. Then I have to just clear the session isn't it? Is there any problem if I didn't take care of that back button?
If you check and make sure that your session is valid before allowing the user to perform any tasks, then you're good to go. A good way to check this is in the page_load event: if the session is not valid -> redirect to login page. That's enough....
0

Try putting this on your code-behind:

Page.Response.Cache.SetCacheability(HttpCacheability.NoCache)
Improve this answer

Comments

0

Try this code :

// Code disables caching by browser. Hence the back browser button
// grayed out and could not causes the Page_Load event to fire 
Response.Cache.SetCacheability(HttpCacheability.NoCache);
Response.Cache.SetExpires(DateTime.UtcNow.AddHours(-1));
Response.Cache.SetNoStore();

You can add something similar in form aspx if you want to place it there:

<META Http-Equiv="Cache-Control" Content="no-cache">
<META Http-Equiv="Pragma" Content="no-cache">
<META Http-Equiv="Expires" Content="0">

OR one can set this in logout event:

protected void LogOut()   
{       
     Session.Abandon();       
     string nextpage = "Logoutt.aspx";       
     Response.Write("<script language="javascript">");             
     Response.Write("{");       
     Response.Write(" var Backlen=history.length;");       
     Response.Write(" history.go(-Backlen);");       
     Response.Write(" window.location.href='" + nextpage + "'; ");
     Response.Write("}");       
     Response.Write("</script>");   
}

for reference see : http://www.codeproject.com/Tips/135121/Browser-back-button-issue-after-logout

Improve this answer

1 Comment

I've tried the last one and page redirected back but the problem of back button is still there
0

You need to disable all type of cache on browser for that page as:

Response.Cache.SetExpires(DateTime.UtcNow.AddYears(-4));
Response.Cache.SetValidUntilExpires(false);
Response.Cache.SetCacheability(HttpCacheability.NoCache);
Response.Cache.SetRevalidation(HttpCacheRevalidation.AllCaches);
Response.Cache.SetNoStore();
Response.ExpiresAbsolute = DateTime.Now.Subtract(new TimeSpan(1, 0, 0, 0));
Response.Expires = 0;
Response.CacheControl = "no-cache";
Response.AppendHeader("Pragma", "no-cache");
Response.Cache.AppendCacheExtension("must-revalidate, proxy-revalidate, post-check=0, pre-check=0");
Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.