469,626 Members | 1,442 Online
Bytes | Developer Community
New Post

Home Posts Topics Members FAQ

Post your question to a community of 469,626 developers. It's quick & easy.

Prevent "Back" Buttom in Browser

I am trying to set up a login-logout website. I have a cookie about the
login status. I put it as logout once the logout link is clicked. And
I put a little security check about the status of the cookie variable
everytime before loading the detailed member profiling.

The page layout is like:

Login page,-->check the login name/password database-->profile page(only
login cookie is true, redirect back to login if false)

Logout link, set login cookie as false and redirect to the login page.
However, after I check a profile and then click logout, I can still get
back to profile page by click "back" button in browser. I was told
those are in the browser cache and the check of the "login" cookie does
not actually work in this situation.

Is there anyway to force the browser to clear the cache after I click
the "logout". It should be possible since lots of websites do that. I
just do not how to. Any help is highly appreciated!
Jul 22 '05 #1
7 4144
Make sure the page isn't cached:
http://www.aspfaq.com/2022
http://msdn.microsoft.com/library/en...am07032000.asp

Also, you can use a client-side redirect (e.g.
window.location.replace('newUrl.asp');) to prevent the current page from
being in the history.

If the page isn't cached and the session value is re-checked, after you've
issued a session.abandon() they shouldn't be able to see the secure content
again without logging in.


However, after I check a profile and then click logout, I can still get
back to profile page by click "back" button in browser.

Jul 22 '05 #2
Also see http://www.aspfaq.com/2017


Is there anyway to force the browser to clear the cache after I click
the "logout".

Jul 22 '05 #3
Thank you. I will try tomorrow and let you know if I fail.

Aaron Bertrand [SQL Server MVP] wrote:
Also see http://www.aspfaq.com/2017

Is there anyway to force the browser to clear the cache after I click
the "logout".


Jul 22 '05 #4
Hi George,

I use the following function in an include:

<%
function noCache()
response.addheader "Cache-Control", "no-store"
response.addheader "Cache-Control", "no-cache"
response.addheader "Pragma", "no-cache"
response.addheader "Cache-Control", "max-age=0, must-revalidate"
response.addheader "Expires", Now-1
end function
%>

and then at the top of any page I don't want cached I simply put <% noCache
%>

hope this helps!

Duane

"George" <sh*********@yahoo.com> wrote in message
news:ek**************@tk2msftngp13.phx.gbl...
I am trying to set up a login-logout website. I have a cookie about the
login status. I put it as logout once the logout link is clicked. And I
put a little security check about the status of the cookie variable
everytime before loading the detailed member profiling.

The page layout is like:

Login page,-->check the login name/password database-->profile page(only
login cookie is true, redirect back to login if false)

Logout link, set login cookie as false and redirect to the login page.
However, after I check a profile and then click logout, I can still get
back to profile page by click "back" button in browser. I was told those
are in the browser cache and the check of the "login" cookie does not
actually work in this situation.

Is there anyway to force the browser to clear the cache after I click the
"logout". It should be possible since lots of websites do that. I just do
not how to. Any help is highly appreciated!

Jul 22 '05 #5
I tried your code in a couple of test pages... and I could not get this to
work. Test.asp had a link to Test_2.asp and if I had the <% noCache %>
included on the second page in the head it would give me a page error. Also
if I did not include the <% noCache %> on the second page I could still
click the back button and the page would open....

--
Regards,

Carroll
"Duane Jackson" <dj******@keyone.co.uk> wrote in message
news:42**********************@ptn-nntp-reader04.plus.net...
Hi George,

I use the following function in an include:

<%
function noCache()
response.addheader "Cache-Control", "no-store"
response.addheader "Cache-Control", "no-cache"
response.addheader "Pragma", "no-cache"
response.addheader "Cache-Control", "max-age=0, must-revalidate"
response.addheader "Expires", Now-1
end function
%>

and then at the top of any page I don't want cached I simply put <% noCache %>

hope this helps!

Duane

"George" <sh*********@yahoo.com> wrote in message
news:ek**************@tk2msftngp13.phx.gbl...
I am trying to set up a login-logout website. I have a cookie about the
login status. I put it as logout once the logout link is clicked. And I
put a little security check about the status of the cookie variable
everytime before loading the detailed member profiling.

The page layout is like:

Login page,-->check the login name/password database-->profile page(only
login cookie is true, redirect back to login if false)

Logout link, set login cookie as false and redirect to the login page.
However, after I check a profile and then click logout, I can still get
back to profile page by click "back" button in browser. I was told those are in the browser cache and the check of the "login" cookie does not
actually work in this situation.

Is there anyway to force the browser to clear the cache after I click the "logout". It should be possible since lots of websites do that. I just do not how to. Any help is highly appreciated!


Jul 22 '05 #6
> it would give me a page error.

Could you be more specific?
Jul 22 '05 #7
> included on the second page in the head it would give me a page error.

It has to be *BEFORE* any HTML.
Jul 22 '05 #8

This discussion thread is closed

Replies have been disabled for this discussion.

Similar topics

2 posts views Thread by Barry Fitzgerald | last post: by
11 posts views Thread by John A Grandy | last post: by
5 posts views Thread by Diffident | last post: by
reply views Thread by gheharukoh7 | last post: by
By using this site, you agree to our Privacy Policy and Terms of Use.