0

I am facing issue in my application's logout scenario. After the user login into website, he/she uses it(website) and when done, they do a logout, which leads them back to login page. But the problem is now, from this login page, if I click the browser back button then it again takes the user back to the previous visited page as if logged in. How can I stop user from viewing the previous page once logged out?

I tried

Response.Cache.SetCacheability(HttpCacheability.NoCache);
Response.Cache.SetExpires(DateTime.UtcNow.AddHours(-1));
Response.Cache.SetNoStore();

also 

 <META Http-Equiv="Cache-Control" Content="no-cache"/>
 <META Http-Equiv="Pragma" Content="no-cache"/>
 <META Http-Equiv="Expires" Content="0"/>
user3679060
  • 21
  • 3
  • Why you want it? You can't do this and infact this is not available to the users. – Jai Jun 04 '14 at 11:29
  • The back button is an obsticle faced by all web devs, You will have to accommodate for it, rather than manipulate it. – Jason Evans Jun 04 '14 at 11:31
  • i want to prevent users to visit all the pages other than login after logout – user3679060 Jun 04 '14 at 11:32
  • If all you are offering is Login/Logout, then I don't see why you need a website. Look into using a Web API site instead. The API can expose a Login/Logout method which can be called from JavaScript. – Jason Evans Jun 04 '14 at 11:41

2 Answers2

0

When you click on logout you should have following code on logout click

HttpContext.Current.Response.Cache.SetCacheability(HttpCacheability.NoCache);
HttpContext.Current.Response.Cache.SetNoServerCaching();
HttpContext.Current.Response.Cache.SetNoStore();
Session.Abandon();

Now on login screen in head tag, put following JavaScript code

<script type="text/javascript" language="javascript">
window.history.forward(1);
document.attachEvent("onkeydown", my_onkeydown_handler);
function my_onkeydown_handler()
{
switch (event.keyCode)
{
case 116 : // F5;
event.returnValue = false;
event.keyCode = 0;
window.status = "We have disabled F5";
break;
}
}
</script>

hope it helps

koolprasad2003
  • 299
  • 3
  • 23
0

You can't really do that. The best way is to direct the user to another page and then close it when logged out. Something like:

<SCRIPT LANGUAGE="JavaScript">

       function goNewWin() {

     //***Get what is below onto one line***

     window.open("backbuttonnewpage.html",'TheNewpop','toolbar=1,
     location=1,directories=1,status=1,menubar=1,
       scrollbars=1,resizable=1'); 

      //***Get what is above onto one line*** 

     self.close()

       }

        </SCRIPT> 

     <A HREF="javascript:goNewWin()">Click to go to a new page</A>
Dean.DePue
  • 1,013
  • 1
  • 21
  • 45