I m facing the problem of Access to my pages even after Logout.. I have visited many forms but majority saying Disable back button.. I want to achieve this through code rather than disabling back button.
My problem :
I m able to access previous page through back button after logout and I m able to access by typing the URL like "localhost/admin.aspx" after logging off...
Please help me in avoiding above two problems?? I m using C#..! Many thanks in advance..
In case of manual session management, Check for session on the pages meant to use only after login. On its PageLoad event use something like this
if(Session["SomeVar"]==null) {
// redirect to login page or somewhere else }
If you are using Membership Provider then I think it will do automatically for you.
Also you can set Cache Expiration Policy to avoid back buttons.Below is the code for the same
private void DisableClientCaching()
{
// Do any of these result in META tags e.g. <META HTTP-EQUIV="Expire" CONTENT="-1">
// HTTP Headers or both?
// Does this only work for IE?
Response.Cache.SetCacheability(HttpCacheability.NoCache);
// Is this required for FireFox? Would be good to do this without magic strings.
// Won't it overwrite the previous setting
Response.Headers.Add("Cache-Control", "no-cache, no-store");
// Why is it necessary to explicitly call SetExpires. Presume it is still better than calling
// Response.Headers.Add( directly
Response.Cache.SetExpires(DateTime.UtcNow.AddYears(-1));
}