I am using FormsAuthentication for user login. I am having a problem: after the user logs out successfully, the back button in the browser allows the user to view pages. I tried using JavaScript:
<script type="text/javascript">
    function preventBack() { window.history.forward(1); }
    setTimeout("preventBack()", 0);
    window.onunload = function () { null };
</script>
But the back button is completely disabled. It worked, but I don't want to disable back button functionality when the user is logged in. I want my LOGGED IN user to use the browser back button as normal. But once he chooses to log out, he is not allowed to see any of the contents by pressing Back. I also tried using:
Session.Abandon();
Response.Cache.SetCacheability(HttpCacheability.NoCache);
Response.Cache.SetExpires(DateTime.Now);
But this is also not working. How do I fix this?
You could clear the browser history when the user logs out:
var url = window.location.href;
window.history.go(-window.history.length);
window.location.href = url;
However, this would not be particularly robust: it relies on JavaScript, it would not work across multiple tabs and may only serve to annoy the user. IMO the best bet is to set appropriate caching headers such that the browser will not cache any of your 'logged in' pages, via a NoCacheAttribute applied appropriately:
using System;
using System.Web;
using System.Web.Mvc;

// Action filter that marks the response as non-cacheable for browsers and proxies.
public class NoCacheAttribute : ActionFilterAttribute
{
    public override void OnResultExecuting(ResultExecutingContext filterContext)
    {
        // Expire the response in the past and force revalidation on every request.
        filterContext.HttpContext.Response.Cache.SetExpires(DateTime.UtcNow.AddDays(-1));
        filterContext.HttpContext.Response.Cache.SetValidUntilExpires(false);
        filterContext.HttpContext.Response.Cache.SetRevalidation(HttpCacheRevalidation.AllCaches);
        // Emit Cache-Control: no-cache, no-store so no copy is kept.
        filterContext.HttpContext.Response.Cache.SetCacheability(HttpCacheability.NoCache);
        filterContext.HttpContext.Response.Cache.SetNoStore();
        base.OnResultExecuting(filterContext);
    }
}
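How the filter above fits together with sign-out, as an added example that is not part of the original answer: it assumes ASP.NET MVC on System.Web with forms authentication and the default session cookie name, and the controller and action names (DashboardController, AccountController, Logout, Login) are hypothetical.

```csharp
using System;
using System.Web;
using System.Web.Mvc;
using System.Web.Security;

// Hypothetical controller for pages that require login.
// [Authorize] rejects requests that carry no valid forms-auth ticket;
// [NoCache] (the filter from the answer) makes the browser re-request
// the page on Back instead of showing a stored copy.
[Authorize]
[NoCache]
public class DashboardController : Controller
{
    public ActionResult Index()
    {
        return View();
    }
}

public class AccountController : Controller
{
    [HttpPost]
    [ValidateAntiForgeryToken]
    [NoCache]
    public ActionResult Logout()
    {
        // Remove the forms-authentication ticket cookie.
        FormsAuthentication.SignOut();

        // Discard server-side session state and expire the session cookie
        // ("ASP.NET_SessionId" is the default name; adjust if configured otherwise).
        Session.Abandon();
        Response.Cookies.Add(new HttpCookie("ASP.NET_SessionId", string.Empty)
        {
            Expires = DateTime.UtcNow.AddYears(-1),
            HttpOnly = true
        });

        // Redirect after the POST so the login page is the next history entry.
        return RedirectToAction("Login", "Account");
    }

    [AllowAnonymous]
    public ActionResult Login()
    {
        return View();
    }
}
```

With this in place, pressing Back after logout causes a fresh request for the protected page, which [Authorize] answers with a redirect to the login URL while the user can still navigate normally when signed in.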