Security Risk Issue
-
Hey guys,

Here is the deal: I have a web application that needs to be more secure than it already is. What I need to be able to do is, if someone navigates to a site outside of the secure application pages and then hits the back button, it needs to not allow them to do anything except redirect them to the login page. I have this functionality when they log out already built in. I am using session variables, and the reason it doesn't redirect is because the session values have not yet timed out. Does anyone know how I could fix this? If so, I would appreciate any help y'all would be willing to give.

Thanks,
Chris
-
On the logout page add:
FormsAuthentication.SignOut();
// Clean the session variables
Session.Clear();
Session.Abandon();
// To protect logout back button
Response.Expires = 0;
Response.Cache.SetNoStore();
Response.AppendHeader("Pragma", "no-cache");
Hope this helps
Al
-
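Added example, not part of the original posts: the same cache headers and session cleanup from the logout answer, moved into a base class so they apply to every protected page and are paired with a server-side session check. The class name `SecurePage` and the session key `"UserId"` are hypothetical; the login URL is taken from the Forms Authentication configuration.

```csharp
using System;
using System.Web;
using System.Web.Security;
using System.Web.UI;

// Hypothetical base class: protected pages inherit from this instead of Page.
public class SecurePage : Page
{
    // Assumed session key, set by the login page after a successful sign-in.
    private const string UserKey = "UserId";

    protected override void OnInit(EventArgs e)
    {
        // Ask the browser and any proxy not to keep a copy of this page,
        // so Back sends a new request instead of showing a stored page.
        Response.Cache.SetCacheability(HttpCacheability.NoCache);
        Response.Cache.SetNoStore();
        Response.AppendHeader("Pragma", "no-cache");

        // Server-side gate: runs on every request, including the one
        // the browser makes when the user comes back with Back.
        if (!Request.IsAuthenticated || Session[UserKey] == null)
        {
            // Drop whatever is left of the session and the auth ticket.
            Session.Clear();
            Session.Abandon();
            FormsAuthentication.SignOut();

            // endResponse = true stops the page lifecycle here, so no
            // protected content is rendered after the redirect is issued.
            Response.Redirect(FormsAuthentication.LoginUrl, true);
        }

        base.OnInit(e);
    }
}
```

With these headers the browser re-requests the page on Back, and the check above decides what is returned. While the session values are still present the check passes, so the redirect to login happens only once the session has been cleared or has timed out.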
OK, I guess I didn't make myself too clear. My apologies. OK, here it goes. I have a web application that has 30 user controls. What I am wanting to do is, if they leave the application in the middle of it and go to some other site like Google, I want to force them to go to the Login page. This would need to be handled when the user goes to another site then tries to return by hitting the Back button. I already had the code you have mentioned, but that doesn't solve the problem. Any other ideas would be greatly appreciated.

Thanks,
Chris