0

I have a Login and Logout method with remember me. After Logout from 'index' page(authorized), I can still go back to 'index' with browser's(chrome) back arrow. Is this because of remember me? How can I totally logout from my website?

This happens even Remember Me is checked or not checked. I tried clearing browser cache and history.

    [HttpPost]
    public ActionResult Login(LoginModel loginModel)
    {
        User user = db.Users.Where(u => u.Username.Equals(loginModel.Username) && u.Password.Equals(loginModel.Password)).FirstOrDefault();
        if (user != null)
        {
            FormsAuthentication.SetAuthCookie(user.UserPkID.ToString(), loginModel.RememberMe);
            return RedirectToAction("Index", "Home");
        }
        else
        {
            return View();
        }
    }

    [HttpGet]
    public ActionResult Logout()
    {
        FormsAuthentication.SignOut();
        return RedirectToAction("Login");
    }
Thu Htoo Aung
  • 19
  • 9
  • 1
    After you logout, and then go back, are you still able to interact with the website as if you were still logged in? (For example, logout > back > do_some_action_requiring_authentication) I ask this as I suspect your browser may be showing a cached copy of the site when you go back. – Kei Sep 16 '19 at 04:31
  • 1
    Possible duplicate - https://stackoverflow.com/questions/19315742/after-logout-if-browser-back-button-press-then-it-go-back-last-screen – Hari Hara Chandan Sep 16 '19 at 04:35
  • @Kei when i go back after logging out, I can't do any action and I reached to login page when I do some action. – Thu Htoo Aung Sep 16 '19 at 05:03
  • Ah okay, in that case, it looks like your logout is fine and the issue is with the way the browser handles history. You could try Muhammad Aftab's answer below (but note that it will prevent users from using the back button) or one of the solutions in the link suggested by Hari Hara Chandan above. – Kei Sep 16 '19 at 05:15

2 Answers2

1

No this is not because of remember me.

you must push your url in pushState and clean the browser history:

try this :

$(document).ready(function() {
        window.history.pushState(null, "", window.location.href);        
        window.onpopstate = function() {
            window.history.pushState(null, "", window.location.href);
        };
    });

check here: Disable Back Button in Browser using jquery?

Muhammad Aftab
  • 1,098
  • 8
  • 19
0

Add this block inside your Global.asax after Application_Start() function inside public class MvcApplication : System.Web.HttpApplication{}

public class MvcApplication : System.Web.HttpApplication
 {
 // Application_Start() and other functions

   protected void Application_BeginRequest()
    {
        Response.Cache.SetCacheability(HttpCacheability.NoCache);
        Response.Cache.SetExpires(DateTime.UtcNow.AddHours(-1));
        Response.Cache.SetNoStore();
    }

  }
Nijin P J
  • 1,302
  • 1
  • 9
  • 15
  • Thanks, it works for me. But when I click back button for like 2 or 3 times. Username appear in login form. Is it normal? Is is okay to show someone's username to other? Sorry, I'm asking this because I'm very new to development field and this is my first project. – Thu Htoo Aung Sep 16 '19 at 05:48
  • @THA because you are already saved username and password in browser. that you have to clear by browser cashe clearing – Nijin P J Sep 16 '19 at 05:55
  • And while downvoting please specify the reason behind it.. without any clarification somebody is doing it !Either you have to give any better solution for it. – Nijin P J Sep 16 '19 at 05:58
  • @THA Not you! Somebody else. happy to help you – Nijin P J Sep 16 '19 at 06:34