Most likely you're seeing the contents of the browser cache, and not a new
page generated by the server. Try hitting the back button and then F5 for
refresh; you should be redirected to login.
This isn't a security violation per-se; however it raises an interesting
question regarding the sanctity of confidential information. When you log
out, it would be nice to know that a new user approach the machine couldn't
browse the cache so easily and view your previously-seen documents.
A few possibilities;
+ Do some work to prevent the browser from caching the page. Historically,
this has been somewhat unreliable, but there are some solutions that seem to
behave consistently.
+ Immediately after logout, try writing some js out to close the browser.
+ Immediately after logout, try writing some js to clear the history.
You'll no doubt have different issues with different web browsers, and even
more complex issue dealing with proxy server caches, but it's somewhere to
start.
/// M
"nvv via DotNetMonster.com" <fo***@DotNetMonster.com> wrote in message
news:24******************************@DotNetMonste r.com...
Hi,
I am working on a web site which authenticates an user using forms. And
once they logout, I observed that, for any reason if they click on "BACK"
button of the browser, the user is being taken back to the site instead
taking them to "login" page. I used formsAuthentication signout method and
also used session's abandon method in signout event. Still I don't know why
I am facing that problem. Please tell me what else I need to do in order to
avoid that and present them with loging page like it happens with any email
web site.
Thanks,
--
Message posted via http://www.dotnetmonster.com