0

I am developing a web page. My problem is when users click on log out button, they are diverted to the log in screen. But if they click back on the login screen then it allows them to go straight back to the last screen. I would like to prevent this from happening as they should not be allowed to do this.

Here is my code for the logout page.

public partial class Logout : System.Web.UI.Page
    {
        protected void Page_Load(object sender, EventArgs e)
        {
            Session.Clear();
            Session.Abandon();
        }
        protected void Timer1_Tick(object sender, EventArgs e)
        {

            Response.Cache.SetExpires(DateTime.UtcNow.AddMinutes(-1));
            Response.Cache.SetCacheability(HttpCacheability.NoCache);
            Response.Cache.SetNoStore();

            try
            {
                Session.Abandon();
                FormsAuthentication.SignOut();
                Response.Cache.SetCacheability(HttpCacheability.NoCache);
                Response.Buffer = true;
                Response.ExpiresAbsolute = DateTime.Now.AddDays(-1d);
                Response.Expires = -1000;
                Response.CacheControl = "no-cache";
                //Response.Redirect("login.aspx", true);
            }
            catch (Exception ex)
            {
                Response.Write(ex.Message);
            }

            Response.Redirect("~/Login.aspx");
        }
    }
}
Son Truong
  • 13,661
  • 5
  • 32
  • 58
  • 1
    You will need to kill that session server side. Any `motivated user` could 'fake' an open session if you don't. – nilsK Sep 17 '18 at 08:05
  • Does your "logout" do anything further than diverting to "login screen" ? – Fildor Sep 17 '18 at 08:05
  • 1
    Are you sure you don't just see a cached version of previous page? what happens if you logout, go back and refresh page? – trailmax Sep 17 '18 at 08:08
  • if i press back twice then it still allows me to go back to the previous screen before the logout page... Not very good for security.. any help? –  Sep 17 '18 at 08:22
  • yes i logged out and then clicked back and refreshed and the data is still there.... –  Sep 17 '18 at 09:07
  • i mean it hasnt logged me out or anything –  Sep 17 '18 at 09:07
  • can anyone help?> –  Sep 17 '18 at 09:22

0 Answers0