3

I have two pages, a login page and a page1. The user cannot directly navigate to page1 as it contains following code for the pageload event. The user is redirected to the login page.

if (Session["role"] == null)
{
    Response.Write("Redirect Not Working");
    Response.Redirect("loginpage.aspx");
}

When the user clicks logout on pag1, he/she is redirected to the login page after setting Session["role"]=null. Now on the login page, if the user clicks on the browser back button, he/she is able to navigate to page1. Only in this case Response.Redirect("loginpage.aspx"); in pageload event does not work. Why does it not work? How can I make it work, or how can I prevent the user from accessing page1 in this scenario?

I have been helpless and closed last time by asking it a different way code to detect browser back button click for any(all) browser

Edit In response to answers: The code against the logout button is

protected void btnLogOut_Click(object sender, EventArgs e)
{
    Session["role"] = null;
    Session.Abandon();
    Response.Redirect("login.aspx");
}
Community
  • 1
  • 1
Sami
  • 8,168
  • 9
  • 66
  • 99
  • It would be very useful for us to know in helping you out whether your code actually reaches the Response.Redirect point. Then we can figure out if its an issue with the redirect itself or with the redirect not being reached – Jesse Carter Nov 23 '12 at 17:45
  • Can you please provide your entire Page_Load method? – Jesse Carter Nov 23 '12 at 17:55
  • Yes @JesseCarter. But why do you think its needed. Because I shared the code from full beginning if pageload just like `void pageload(){my shared code ...othercode...}` – Sami Nov 23 '12 at 18:06

4 Answers4

2

The page you're seeing on back may just be a cached version.

The simplest way might be, instead of using response redirect, echo a meta refresh. You need to make sure the session is clear too.

Session.Abandon();
Response.Write("<meta http-equiv='refresh' content='0';URL='loginpage.aspx'>");
Response.End();

If a user hits back they'll hit that page again and be bounced to the URL you want them at. Nothing stopping them from hitting back quickly more than once or choosing Page1 from the history drop down and getting a cached version.

Sami
  • 8,168
  • 9
  • 66
  • 99
Popnoodles
  • 28,090
  • 2
  • 45
  • 53
  • Have you any idea please what would be alternative of `Response.End();` in case I would be using php? – Sami Nov 23 '12 at 18:34
1

this should definitely work,check your Session["role"],I think its never null

at logout do this

Session.Abandon();

'pageoad is not working' in that case the reason for the page executing doesn't affect the page cycle, the Load event always fires when the page is executed.

So, if the Page_Load doesn't run sometimes, it's because the page is cached and doesn't execute on the server. The page can be cached in the browser, in a router somewhere along the way, or on the server using server side page caching.

If you haven't enabled server side page caching for the page, it's cached in the browser or in the network. You can use cache settings to try to elliminate this:

Response.Cache.SetCacheability(HttpCacheability.NoCache);

This will keep the page from being cached in normal circumstances. (Check also that your browser isn't in offline mode, then it will use anything in the cache regardless of it's cacheability settings.)

sajanyamaha
  • 3,119
  • 2
  • 26
  • 44
  • 'pageoad is not working' in that case try deleting page_load event and creating it anew from properties window,this happens due to some tmp files – sajanyamaha Nov 23 '12 at 18:03
  • PageLoad does not work only when coming back from loginpage otherwise it does – Sami Nov 23 '12 at 18:12
  • Thanks +1 for good explanation. user822711 answer has worked for me. Can't figure why `HttpCacheability.NoCache` not working for me. Also his answer is valid for php as well. – Sami Nov 23 '12 at 18:33
0

Can you try something like this 

if (Session["role"] == null)
{
    Response.Write("Redirect Not Working");
    Response.Redirect("~/loginpage.aspx");
}

MAKE sure to reset the Session["role"] = null at time of logout because this value will persist during web session

MethodMan
  • 18,625
  • 6
  • 34
  • 52
  • 1
    Can you please provide or show more code..? I think that your having an issue and or error in the page_load are you checking for if (IsPostBack).. think of page life cycle and how things get triggered inside of aspx web page you also need to end the Response as well.. – MethodMan Nov 23 '12 at 17:54
  • I've run into this exact issue recently and even though the page appeared to work..I was redirecting with additional errors ..so it would help if you post more code.. especially in the Page_Load Event – MethodMan Nov 23 '12 at 17:57
0

It sounds to me like you need to remove the Session["role"] value and set it back to null. When the user logs out I don't think that you are clearing your session values so when they browse back your page load still thinks that they have a valid logged in session.

An easy way to test if this is the case is to put a break point inside the if block past where you check to see Session["role"] == null. If you never hit that breakpoint you know that role is not null and they are still technically "logged in".

Jesse Carter
  • 20,062
  • 7
  • 64
  • 101