Friday, January 2, 2009

Handling logout (back button) for secure pages in asp .net (C#)

It is a common problem in programming that if a user is logged in to a secure page and loggs out of that page. Then clicking on the back button of browser gets a user back to that secure page (regardless of the fact that the user has logged out of the page.)

Ideally, the secure page should bot be shown, in case the user has logged out of the page due to security concerns. I found it very hard to crack. But finally I got a magic function, that handles this problem perfectly. This code worked for me perfectly in IE 6.0, FireFox 2.0 and chrome 1.0.

The code is:

//Put this line in page load event of the page:
Response.Cache.SetNoStore();

and

//Put this code, where you have to logout a user:
Session.Abandon();
Response.Redirect("Login.aspx"); 

If you don't want to remove all the sessions on logout, then you can user below line to remove a specific session:
Session["SessionId"]=null;
Posted by Dipak Mishra at 12:06 AM
Labels: ,

0 comments:

Post a Comment

Subscribe to: Post Comments (Atom)