How to deny access after logout by means of back button or url typed in browser in asp.net?

Question

I m facing the problem of Access to my pages even after Logout.. I have visited many forms but majority saying Disable back button.. I want to achieve this through code rather than disabling back button.

My problem :

I m able to access previous page through back button after logout and I m able to access by typing the URL like "localhost/admin.aspx" after logging off...

Please help me in avoiding above two problems?? I m using C#..! Many thanks in advance..

The first one is not a problem, _per se_, this is how browsers work - it's not up to site to delete history etc; and the second you will need to provide more information for. — Grant Thomas, Jul 22 '13 at 10:34
How are you managing login? are you using FormsAuhtnetication? the solution for your problem depends on that. — Suhani Mody, Jul 22 '13 at 10:37
If you are using FormsAuthentication, call FormsAuthentication.SignOut(); method when user logs out. — Suhani Mody, Jul 22 '13 at 10:48

score 0 · Answer 1 · answered Jul 22 '13 at 10:40

0

Try this

protected void LoginStatus1_LoggedOut(object sender, EventArgs e)
{
    FormsAuthentication.SignOut();
    Roles.DeleteCookie();
    Session.Clear();
}

answered Jul 22 '13 at 10:40

Alexander.int32

1

score 0 · Answer 2 · answered Jul 22 '13 at 10:40

0

Your pages are cached by browser which helps to improve performance of page loading. It is possible to disable output caching. You can find some considerations how to do that here http://forums.asp.net/t/1268449.aspx.

answered Jul 22 '13 at 10:40

Egor4eg

2,678
1
22
41

score 0 · Accepted Answer · answered Jul 22 '13 at 10:48

To disable the back button using javascript code.
In case of manual session management, Check for session on the pages meant to use only after login. On its PageLoad event use something like this
if(Session["SomeVar"]==null) {
```
       // redirect to login page or somewhere else
}
```
If you are using Membership Provider then I think it will do automatically for you.

Also you can set Cache Expiration Policy to avoid back buttons.Below is the code for the same

private void DisableClientCaching()
    {
        // Do any of these result in META tags e.g. <META HTTP-EQUIV="Expire" CONTENT="-1">
        // HTTP Headers or both?

        // Does this only work for IE?
        Response.Cache.SetCacheability(HttpCacheability.NoCache);

        // Is this required for FireFox? Would be good to do this without magic strings.
        // Won't it overwrite the previous setting
        Response.Headers.Add("Cache-Control", "no-cache, no-store");

        // Why is it necessary to explicitly call SetExpires. Presume it is still better than calling
        // Response.Headers.Add( directly
        Response.Cache.SetExpires(DateTime.UtcNow.AddYears(-1));
    }

But forward button is still redirecting without password – rtvalluri Jul 22 '13 at 11:47 — rtvalluri, Jul 22 '13 at 11:47

score 0 · Answer 4 · answered Jul 22 '13 at 11:13

Try to use the above

    Response.Cache.SetCacheability(HttpCacheability.NoCache);
        Response.Cache.SetExpires(DateTime.Now.AddSeconds(-1));
        Response.Cache.SetNoStore();
        Response.AddHeader("Pragma", "no-cache");
        Response.Expires = 0;

score 0 · Answer 5 · edited Oct 11 '18 at 11:03

0

In login form on login button click

Session["ABC"] = UserNameTextBox.Text;
Session["Username"] = UserNameTextBox.Text;

On each page load event other than login.aspx

string a = Convert.ToString(Session["ABC"]);
if (a == "")
{
    Response.Redirect("Login.aspx");
}

edited Oct 11 '18 at 11:03

Hitesh

3,449
8
39
57

answered Jul 22 '13 at 11:15

SumitG

41
2
8

score -1 · Answer 6 · answered Jul 22 '13 at 10:35

-1

Clear the session while logging out. Session.Abandon()

answered Jul 22 '13 at 10:35

Saritha.S.R

800
1
6
19

How to deny access after logout by means of back button or url typed in browser in asp.net?

6 Answers6