You can't clear the user's browser history - that is outside of the scope of
the permissions that a web application has granted. What you can do is
explicitly check on each page whether the user is logged in, and if not do a
response.redirect.
--
Chris Jackson
Software Engineer
Microsoft MVP - Windows Client
Windows XP Associate Expert
--
More people read the newsgroups than read my email.
Reply to the newsgroup for a faster response.
(Control-G using Outlook Express)
--
"David" <anonymous@discussions.microsoft.com> wrote in message
news:F8517B4F-5657-43C4-BA78-64BDEA2E16E6@microsoft.com...[color=blue]
>A user logs into a web site. He is then redirected to a web page of his
>choosing - based on menu options - for example: "WeeklyReport.aspx" is a
>page the user is currently viewing.
>
> If the user session times out, I redirect the user to a "logoff.aspx" web
> page that now informs the user he must relogin to the web site.
>
> Question: Is there anyway to clear the browser's history list (prior to
> Response.Redirect("logoff.aspx") - to ensure the user can't depress the
> "back" button to return to the page where the timeout occurred?
>
> If this is not possible - what if after I detect the session timeout - Is
> it then possible to close the current browser where the timeout occurred -
> and open a new browser with "logoff.aspx" information - How would I do
> this?[/color]
