I follow below code :
function My_Function() {
var x;
if (confirm("Exit?") == true) {
x = "Ok";
window.location.href = '@Url.Action("Login", "Account")';
Session.Abandon();
} else {
x = "Cancel";
}
}I want to prevent is that , after logging out , then I click the back navigation button , I don't want to go back to the previous page.
Browsers can cache content locally. So no matter what you are doing on your server, after logging out, if the user clicks on the Back button, the browser can decide to get the last page from the local cache and display it.
In order to prevent this behavior you could serve all controller actions that require authentication with cache disabled. This can be achieved by decorating them with a custom [NoCache] filter. This filter will ensure that the proper response headers are set when serving actions that require authentication to prevent the browser from caching them.
This being said, please note that the Session.Abandon(); call should be done on your server - inside your Logout controller action that is supposed to clear the authentication cookies and session state.
Session.Clear and Session.RemoveAll are identical; the latter just calls the former. They immediately remove all items stored in the session, but the session itself survives. Session_OnEnd does not fire.
Session.Abandon doesn't actually clear the values immediately, it just marks the session to be abandoned at the end of the current request. You can continue to read the values for the rest of the request. If you write to the session later in the request, the new value will be quietly discarded at the end of the request with no warning. Session_OnEnd fires at the end of the request, not when Abandon is called.
