Skip to content
  • Categories
  • Recent
  • Tags
  • Popular
  • World
  • Users
  • Groups
Skins
  • Light
  • Cerulean
  • Cosmo
  • Flatly
  • Journal
  • Litera
  • Lumen
  • Lux
  • Materia
  • Minty
  • Morph
  • Pulse
  • Sandstone
  • Simplex
  • Sketchy
  • Spacelab
  • United
  • Yeti
  • Zephyr
  • Dark
  • Cyborg
  • Darkly
  • Quartz
  • Slate
  • Solar
  • Superhero
  • Vapor

  • Default (No Skin)
  • No Skin
Collapse
Code Project
  1. Home
  2. Web Development
  3. ASP.NET
  4. Back button issue

Back button issue

Scheduled Pinned Locked Moved ASP.NET
helpcsharpasp-netdatabasesecurity
4 Posts 2 Posters 0 Views 1 Watching
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • R Offline
    R Offline
    Ridge Howison
    wrote on last edited by
    #1

    Hello All, Thank you for reading this post. Here is my issue. I have an ASP.NET 2.0 web application, that requires users to login and then they are shown the welcome page on successful login(Iam not using forms authentication, user's login credentials are validated against database and redirected to welcome page). The Welcome page has a logout button, on clicking which I clear all session variables, destroy all login based cookies and redirect to the login screen again. My problem is this. After I logout and reach the Login page if I hit the back button I go back to my welcome screen with all user information even though I have explicitly cleared session and cache. Please let me know how I can enforce the login page when back button is pressed. This is what i have on my logout page. Protected Sub lkbLogout_Click(ByVal sender As Object, ByVal e As System.EventArgs) Handles lkbLogout.Click Session(CustomerInformation) = Nothing Session.Clear() 'Remove all cookies If Not Request.Cookies(ConfigurationManager.AppSettings("Cookie")) Is Nothing Then Response.Cookies(ConfigurationManager.AppSettings("Cookie")).Expires = DateTime.Now.AddYears(-30) End If If Not Request.Cookies(ConfigurationManager.AppSettings("Cookie2")) Is Nothing Then Response.Cookies(ConfigurationManager.AppSettings("Cookie2")).Expires = DateTime.Now.AddYears(-30) End If If Session(CustomerInformation) Is Nothing Then Response.Cache.SetCacheability(HttpCacheability.NoCache) Response.Cache.SetExpires(DateTime.Now - New TimeSpan(1, 0, 0)) Response.Cache.SetLastModified(DateTime.Now) Response.Cache.SetAllowResponseInBrowserHistory(False) Response.Redirect("login.aspx", True) End If '------------------ response.redirect("login.aspx",true)

    S 1 Reply Last reply
    0
    • R Ridge Howison

      Hello All, Thank you for reading this post. Here is my issue. I have an ASP.NET 2.0 web application, that requires users to login and then they are shown the welcome page on successful login(Iam not using forms authentication, user's login credentials are validated against database and redirected to welcome page). The Welcome page has a logout button, on clicking which I clear all session variables, destroy all login based cookies and redirect to the login screen again. My problem is this. After I logout and reach the Login page if I hit the back button I go back to my welcome screen with all user information even though I have explicitly cleared session and cache. Please let me know how I can enforce the login page when back button is pressed. This is what i have on my logout page. Protected Sub lkbLogout_Click(ByVal sender As Object, ByVal e As System.EventArgs) Handles lkbLogout.Click Session(CustomerInformation) = Nothing Session.Clear() 'Remove all cookies If Not Request.Cookies(ConfigurationManager.AppSettings("Cookie")) Is Nothing Then Response.Cookies(ConfigurationManager.AppSettings("Cookie")).Expires = DateTime.Now.AddYears(-30) End If If Not Request.Cookies(ConfigurationManager.AppSettings("Cookie2")) Is Nothing Then Response.Cookies(ConfigurationManager.AppSettings("Cookie2")).Expires = DateTime.Now.AddYears(-30) End If If Session(CustomerInformation) Is Nothing Then Response.Cache.SetCacheability(HttpCacheability.NoCache) Response.Cache.SetExpires(DateTime.Now - New TimeSpan(1, 0, 0)) Response.Cache.SetLastModified(DateTime.Now) Response.Cache.SetAllowResponseInBrowserHistory(False) Response.Redirect("login.aspx", True) End If '------------------ response.redirect("login.aspx",true)

      S Offline
      S Offline
      Saksida Bojan
      wrote on last edited by
      #2

      Responce.Cookies is array method not function. You have to use [] not (). This stand also for Session example:

      Response.Cookies[ConfigurationManager.AppSettings("Cookie")].Expires = DateTime.Now.AddYears(-30)

      R 1 Reply Last reply
      0
      • S Saksida Bojan

        Responce.Cookies is array method not function. You have to use [] not (). This stand also for Session example:

        Response.Cookies[ConfigurationManager.AppSettings("Cookie")].Expires = DateTime.Now.AddYears(-30)

        R Offline
        R Offline
        Ridge Howison
        wrote on last edited by
        #3

        Will the above solution solve my issue ? Iam using VB.NET for my coding not C#

        S 1 Reply Last reply
        0
        • R Ridge Howison

          Will the above solution solve my issue ? Iam using VB.NET for my coding not C#

          S Offline
          S Offline
          Saksida Bojan
          wrote on last edited by
          #4

          Sorry didn't read your post very well. You coud write javascript that prevents back buttion. But when you press back button, the browser displays a page in previous. It doesn't call a server to check if that is true. It is imposible. But you could check every time a postback occourd for every page

          1 Reply Last reply
          0
          Reply
          • Reply as topic
          Log in to reply
          • Oldest to Newest
          • Newest to Oldest
          • Most Votes


          • Login

          • Don't have an account? Register

          • Login or register to search.
          • First post
            Last post
          0
          • Categories
          • Recent
          • Tags
          • Popular
          • World
          • Users
          • Groups