Handling logout (back button) for secure pages in asp .net (C#)

Handling logout (back button) for secure pages in asp .net (C#)

It is a common problem in programming that if a user is logged in to a secure page and loggs out of that page. Then clicking on the back button of browser gets a user back to that secure page (regardless of the fact that the user has logged out of the page.)

Ideally, the secure page should bot be shown, in case the user has logged out of the page due to security concerns. I found it very hard to crack. But finally I got a magic function, that handles this problem perfectly. This code worked for me perfectly in IE 6.0, FireFox 2.0 and chrome 1.0.
The code is:
//Put this line in page load event of the page:
Response.Cache.SetNoStore();
and
//Put this code, where you have to logout a user:
Session.Abandon();
Response.Redirect(“Login.aspx”); 
If you don’t want to remove all the sessions on logout, then you can user below line to remove a specific session:
Session[“SessionId”]=null;

3 thoughts on “Handling logout (back button) for secure pages in asp .net (C#)

  1. Sajid Ali

    The message came 
    Webpage has expired
    on hitting the back button of the browser. I want to redirect the user to login page.Please send me how to do this on my personal id
    sajidali3387@yahoo:disqus .com

Leave a Reply

Your email address will not be published. Required fields are marked *