0

I am having below code for logout. when It gets log out but when back is pressed it should not go to previously visited page but it does.

//when login

if (txtPassword.Text == password)
                {
                    Session["Login"] = true;
                    Response.Redirect("AdminControlPanel.aspx");
                }

//when logout

Session["Login"] = false;
            Session.Abandon();
            FormsAuthentication.SignOut();
            Response.Cache.SetCacheability(HttpCacheability.NoCache);
            Response.Cache.SetAllowResponseInBrowserHistory(false);
            Response.Redirect("~/index.aspx");

//checking on adminpanel.aspx

if (!this.Page.IsPostBack)
            {
                if (this.Session["Login"]==null || (bool)this.Session["Login"]==false)
                {
                   base.Response.Redirect("~/index.aspx");
                }
            }

what is wrong with this?

Heena
  • 754
  • 5
  • 18
  • 30
  • Put a breakpoint on it and check the value of Session["Login"]. – Paul Alan Taylor Oct 07 '11 at 09:13
  • possible duplicate? http://stackoverflow.com/questions/2686946/asp-net-authentication-login-and-logout-with-browser-back-button – Oskar Duveborn Oct 07 '11 at 11:03
  • There's no way you can control how the browser, all the proxies in-between and so far handles a user pressing "back". That's probably why so many logout pages asks the user to then close the browser window. Cache-control may or may not be properly honored by any number of middle-men in the chain, as long as the data was once viewed in the browser, it's potentially in one or more caches along the way and can be resurrected. – Oskar Duveborn Oct 07 '11 at 11:07

2 Answers2

3

Try to set Cache-Control.

Response.Cache.SetCacheability(HttpCacheability.NoCache);
Response.Cache.SetAllowResponseInBrowserHistory(false);
KV Prajapati
  • 93,659
  • 19
  • 148
  • 186
0

May be there may be problem when you assigning the value to the session variable

put a break point in if (txtPassword.Text == password) and check what happens.

also

if (!this.Page.IsPostBack)
            {            
             if (!string.IsNullOrEmpty((string) Session["Login"]))
             {
                  var result = Convert.ToBoolean(Session["Login"]); //put a break point there also and check what values it getting
              }


            }
huMpty duMpty
  • 14,346
  • 14
  • 60
  • 99