发表新帖
发表新帖

How to disable the back button in browser when user logout in asp.net c#

前端 未结
关注
7 1955
名媛妹妹
名媛妹妹 2020-12-06 02:31

Our problem is we are able to clear session on logout.

But if a user clicks the back button then he/she can go through all previous screens.

But the advantag

相关标签:
7条回答
  • 爱一瞬间的悲伤
    2020-12-06 03:02

    An earlier variation of the same question/answer:

    Is there a way to keep a page from rendering after a person has logged out but hit the "back" button

    0 讨论(0)
  • 轮回少年
    2020-12-06 03:03

    For ASP.NET pages you can use Response.CacheControl to control how a page is stored in a users cache. Other web development languages will utilize something similar.

    0 讨论(0)
  • 梦毁少年i
    2020-12-06 03:04

    You can't "disable" the back button. There are numerous "tricks" that i've seen that can clear out the back history, but these are unreliable and they don't work from browser to browser, or even version of browser to version of browser.

    As others have said, the correct method is invalidate the cache, along with server side validation that the session is no longer valid if they try to resend data. Also, Response.Redirect works better than a postback, since that causes a get rather than a post.

    0 讨论(0)
  • 南笙
    2020-12-06 03:05

    This is the solution I found on Coding Solutions

    in the master page

        protected void Page_Load(object sender, EventArgs e)
    {
        Response.ClearHeaders();
        Response.AppendHeader("Cache-Control", "no-cache"); //HTTP 1.1
        Response.AppendHeader("Cache-Control", "private"); // HTTP 1.1
        Response.AppendHeader("Cache-Control", "no-store"); // HTTP 1.1
        Response.AppendHeader("Cache-Control", "must-revalidate"); // HTTP 1.1
        Response.AppendHeader("Cache-Control", "max-stale=0"); // HTTP 1.1
        Response.AppendHeader("Cache-Control", "post-check=0"); // HTTP 1.1
        Response.AppendHeader("Cache-Control", "pre-check=0"); // HTTP 1.1
        Response.AppendHeader("Pragma", "no-cache"); // HTTP 1.1
        Response.AppendHeader("Keep-Alive", "timeout=3, max=993"); // HTTP 1.1
        Response.AppendHeader("Expires", "Mon, 26 Jul 1997 05:00:00 GMT"); // HTTP 1.1
    }

    Control LoginStatus

        protected void LoginStatusUser_LoggedOut(object sender, EventArgs e)
    {
        Session.Abandon();
        FormsAuthentication.SignOut();
    }
    0 讨论(0)
  • 难免孤独
    2020-12-06 03:08

    You need to force the cache to expire for this to work. I'm looking for the code sample for you.

    EDIT
    Found this for you, its already been addressed here on SO.

    Page.Response.Cache.SetCacheability(HttpCacheability.NoCache)

    Here...

    0 讨论(0)
  • 生来不讨喜
    2020-12-06 03:09

    write this code in master page in page load event

    Response.Cache.SetCacheability(HttpCacheability.NoCache);
Response.Cache.SetExpires(DateTime.UtcNow.AddHours(-1));
Response.Cache.SetNoStore();

    and write this code in Login page in head section

    <script type="text/javascript">
window.history.forward(-1);
</script>
    0 讨论(0)
 看不清?
提交回复
热议问题