Prevent accessing page via browser history

Have a "standard" asp.net web solution which uses the standard asp.net
authentication and authorization methods (forms authentication).

Some users have raised concern that even if you logout (which brings
the user back to the login.aspx page) you can seemingly navigate back
in via the back-button and the browser history.

If user A is viewing a page and then clicks logout and leaves (browser
not at login.aspx). User B comes along and can easily click "back" in
the browser to see what user A was doing.

One way around this would be to prevent client-side caching by the
browser, but I don't want to remove the user's ability to use "back" and
"forward".

I'm considering making some JavaScript that, via AJAX, checks with the
server onLoad that the session is still valid. This means that each
page request results in yet another server call. Another option could
perhaps be checking for a cookie that I delete when logging out.

Any tips? How have you solved this problem?
Feb 25 '08 #1
You need to set nocache on. Back will still work; the browser will just hit
the server again. Code your pages to handle this case. Put a trans guid in
each page's viewstate so you can detect a "cache" hit.

-- bruce (sqlwork.com)
"Pål A." wrote:
> Have a "standard" asp.net web solution which uses the standard asp.net
> authentication and authorization methods (forms authentication).
>
> Some users have raised concern that even if you logout (which brings
> the user back to the login.aspx page) you can seemingly navigate back
> in via the back-button and the browser history.
>
> If user A is viewing a page and then clicks logout and leaves (browser
> not at login.aspx). User B comes along and can easily click "back" in
> the browser to see what user A was doing.
>
> One way around this would be to prevent client-side caching by the
> browser, but I don't want to remove the user's ability to use "back" and
> "forward".
>
> I'm considering making some JavaScript that, via AJAX, checks with the
> server onLoad that the session is still valid. This means that each
> page request results in yet another server call. Another option could
> perhaps be checking for a cookie that I delete when logging out.
>
> Any tips? How have you solved this problem?
Feb 25 '08 #2
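
An added example, not part of the thread and not bruce's code: one way to apply the no-cache suggestion across an existing forms-authentication site without editing each page, paired with a logout that expires the ticket so a Back request is sent to the login page. The names `NoStoreForAuthenticatedModule` and `LogoutHelper` are hypothetical, and the module is assumed to be registered in web.config.

```csharp
using System;
using System.Web;
using System.Web.Security;

// Hypothetical module: marks every response served to a signed-in user as
// non-cacheable, so the browser must ask the server again on Back/Forward.
public sealed class NoStoreForAuthenticatedModule : IHttpModule
{
    public void Init(HttpApplication app)
    {
        // By this stage forms authentication and URL authorization have run,
        // so Request.IsAuthenticated reflects the current ticket.
        app.PostAuthorizeRequest += OnPostAuthorize;
    }

    private static void OnPostAuthorize(object sender, EventArgs e)
    {
        HttpContext ctx = ((HttpApplication)sender).Context;

        // Anonymous pages such as login.aspx keep their normal caching.
        if (!ctx.Request.IsAuthenticated)
            return;

        HttpCachePolicy cache = ctx.Response.Cache;
        cache.SetCacheability(HttpCacheability.NoCache); // no-cache
        cache.SetNoStore();                              // no-store: keep no copy
        cache.SetExpires(DateTime.UtcNow.AddDays(-1));   // already expired
    }

    public void Dispose() { }
}

// Hypothetical helper called from the logout button's click handler.
public static class LogoutHelper
{
    public static void SignOut(HttpContext ctx)
    {
        FormsAuthentication.SignOut();          // expire the auth ticket cookie
        if (ctx.Session != null)
            ctx.Session.Abandon();              // drop server-side session state
        FormsAuthentication.RedirectToLoginPage();
    }
}
```

With both in place, pressing Back after logout re-requests the page, the request carries no valid ticket, and forms authentication redirects to the login page. Going Back onto a page that was itself the result of a POST makes the browser ask before resubmitting the form.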
On Feb 25, 5:34 pm, bruce barker
<brucebar...@discussions.microsoft.com> wrote:
> you need to set nocache on. back will still work, the browser will just hit
> the server again. code your pages to handle this case. put a trans guid in
> each pages viewstate so you can detect a "cache" hit.

Won't going "back" to a page with nocache cause a re-post? Most all
pages in asp.net have some sort of postback on them. Having a trans
guid or ticket or whatever and only act when the ticket is valid is a
nice option, but not something I want to implement on an existing
system.
Feb 25 '08 #3
