I am storing username and password in session when user logins. After logout, when I press Back button of browser, it again goes to the home page of the user. I want that the session must expire so that after logout when user presses back button, he get's rediected to the login page.
I have already tried
Session.RemoveAll();
Session.Abandon();
Session.Remove("StoreUser");
StoreUser is the name of the session that contains username and password.
Use FormsAuthentication.SignOut when your logout button click event , look below code
public void LogoutLink_OnClick(object sender, EventArgs args)
{
FormsAuthentication.SignOut();
FormsAuthentication.RedirectToLoginPage();
}
and see this previous useful discussion : ASP.NET authentication login and logout with browser back button
I used FormsAuthentication.SignOut();
and on an other place in my webapplication, I have this on my WebForm when the user is logged in:
<asp:LoginStatus ID="LoginStatus1" LogoutImageUrl="~/Img/Logout.png"
BackColor="Transparent" runat="server" onloggingout="LoginStatus1_LoggingOut" />
and this in the code behind:
protected void LoginStatus1_LoggingOut(object sender, LoginCancelEventArgs e)
{
MembershipUser u = Membership.GetUser(HttpContext.Current.User.Identity.Name);
u.LastActivityDate = DateTime.Now.AddMinutes(-Membership.UserIsOnlineTimeWindow);
Membership.UpdateUser(u);
}
may following link help you - http://www.codeproject.com/Tips/135121/Browser-back-button-issue-after-logout
your session is getting cleared but the cache of your page is getting stored at client side. You have to handle that.
## IN Global.asax file you have to clear all the session in Session_end event ##
clear all the session in this event.
protected void Session_End(object sender, EventArgs e)
{
// Code that runs when a session ends.
// Note: The Session_End event is raised only when the sessionstate mode
// is set to InProc in the Web.config file. If session mode is set to StateServer
// or SQLServer, the event is not raised.
}
