Prevent user from loggin in by clicking Back button

Sathesh Sakthivel

Try with the Session. If the User sign out close the Session.

Regards, Satips.

Parwej Ahamad

It's depend on your implementation. * If u save the login credential in session or cookies. Then can set the nothing for the Session variable and clear the cookies. *If u r varify login information only first time when user logged in then u can disable back button by bellow code. U can use below code. This will not be cach any page on loca machine. then i think it should be work as disable back button. If u have other problem let me inform.

Parwej Ahamad g_parwez@rediffmail.com

N a v a n e e t h

You should not block the back button of the browser using some javascript. In every page load check that the session exist. If not redirect user to login page. When logging out clear the session. By pressing the back button you are seeing the browser cached page. If you are checking sessions on page load, user can't do any processing with the page. When the page posts back, it will check for session and will be redirected to login page. :cool:

Navaneeth My Website

Blumen

Thank you very much for the quick response, I will try your suggestion.

BINOVAR

u can use this script in ur last page .. history.forward(); so back option vl not work

N a v a n e e t h

What about in Firefox ?

Navaneeth My Website

BINOVAR

sorry I didnt think abt it..do u have any solution???

N a v a n e e t h

Whatever solution you suggested is not good, I given the solution on the previous message

Navaneeth My Website

BINOVAR

I too accept Navaneeth...Ur suggestion was Gud..but 4 the time being mine vl be usefull to him I guess[:)]

N a v a n e e t h

Sure that will be. Don't take my message in other sense. Just told simply

Navaneeth My Website

BINOVAR

Hey Naveenth comeon ..I didnt take it in other way..But I agree tat I was out of standard in asking to disable the back button.. Cheers Bino Varghese.V

dipak dipak

Yes sir you are right that "we should not block the back button of the browser using some javascript" because javascript can be disable for a browser. As you suggested to check the session -- I am using Login control and form authentication, and after successfully logged in i have checked to count number of session available, but result found 0, because it keeps all information in a cookie. There is no any session. then how can i prevent to see the page before logged out. If i manually set a session when user logged in and kill the session on logged out, then also someone can see pages (may contain confidential information) which was opened before logged out. Am I Right? Then what is the proper solution to prevent see the confidential information opened during any one logged in?????? This Question was made too much earlier, So I think now u found the proper solution. Please tell me sir..... I am waiting for your reply... Thank you in advance :-O

Dipak

N a v a n e e t h

dipak.dipak wrote:

If i manually set a session when user logged in and kill the session on logged out, then also someone can see pages (may contain confidential information) which was opened before logged out. Am I Right?

I am not sure I got your question. But using sessions to keep login information is a standard practice. Sessions are stored in the server memory and unique for each users.

dipak.dipak wrote:

Then what is the proper solution to prevent see the confidential information opened during any one logged in??????

Do you mean when user presses back button? There are no efficient way to prevent the back button. You can do it using JS, which is not reliable. One solution I see is to open the users secured pages in a popup window, and close this window when user logs out.

Navaneeth How to use google | Ask smart questions