问题
I am using FormsAuthentication for userlogin. I am having a problem after user logs out successfuly the back button is browser allows user to view pages. I tried using javascript
<script type = "text/javascript" >
function preventBack() { window.history.forward(1); }
setTimeout("preventBack()", 0);
window.onunload = function () { null };
</script>
But back button is completly disabled. It worked bt,I dont want to disable back button functionality when user is logged in. i want my LOGGED IN user to use browser back button as normal. But once he choosed to log out, he is not allow to see any of contents by pressing Back. I also tried using
Session.Abandon();
Response.Cache.SetCacheability(HttpCacheability.NoCache);
Response.Cache.SetExpires(DateTime.Now);
But this is also not working.how do I fix this?
回答1:
You could clear the browser history when the user logs out:
var url = window.location.href;
window.history.go(-window.history.length);
window.location.href = url;
However this would not be particularly robust - it relies on javascript, it would not work across multiple tabs and may only serve to annoy the user. IMO the best bet is to set appropriate caching headers such that the browser will not cache any of your 'logged in' pages via a NoCacheAttribute applied appropriately:
public class NoCacheAttribute : ActionFilterAttribute
{
public override void OnResultExecuting(ResultExecutingContext filterContext)
{
filterContext.HttpContext.Response.Cache.SetExpires(DateTime.UtcNow.AddDays(-1));
filterContext.HttpContext.Response.Cache.SetValidUntilExpires(false);
filterContext.HttpContext.Response.Cache.SetRevalidation(HttpCacheRevalidation.AllCaches);
filterContext.HttpContext.Response.Cache.SetCacheability(HttpCacheability.NoCache);
filterContext.HttpContext.Response.Cache.SetNoStore();
base.OnResultExecuting(filterContext);
}
}
回答2:
Use this code in the html page on which you need to control the back button.
$().ready(function() {
if(document.referrer != 'http://localhost:8181/'){
history.pushState(null, null, 'login');
window.addEventListener('popstate', function () {
history.pushState(null, null, 'login');
});
}
});
This code will block back button event. The if condition is for allowing the back button if the previous page is 'http://localhost:8181/'. Back button won't be working if the previous page is not 'http://localhost:8181/'. If you need to block all previous pages then avoid the if condition. The history.pushState statements will replace the url on the browser address bar to 'login'. So I recommend you to change 'login' with your page url.
Advantages of this method:-
- No need to control the cache.
- We could allow the back button event for specified previous pages and could block the rest.
Hoping my answer will help someone.
回答3:
Disabling back button is not a right way to achieve your need. Instead you can add the following three tags in your html file, which takes care of clearing cache.
<META Http-Equiv="Cache-Control" Content="no-cache">
<META Http-Equiv="Pragma" Content="no-cache">
<META Http-Equiv="Expires" Content="0">
回答4:
The easiest way I found is using OutputCache Attribute
[OutputCache(NoStore = true, Duration = 0, VaryByParam = "*")]
public class HomeController : Controller
{
}
回答5:
<script language="JavaScript" type="text/javascript">
window.history.forward();
</script>
回答6:
Please go through the article http://www.aspdotnet-suresh.com/2011/11/disable-browser-back-button.html . I used the javacript function provided by the author in my layout page to prevent back button issue , as i need to provide access to certain pages to all visitors of my website.
This solution worked for me in IE 11 and Chrome Version 43.0.2357.130 m.
Hope this helps.
回答7:
var url = window.history.forward();
window.history.go(-window.history.length);
回答8:
Please use this code in your Master Page Load Event.
if(!IsPostBack)
{
if (Session["LoginId"] == null)
Response.Redirect("frmLogin.aspx");
else
{
Response.ClearHeaders();
Response.AddHeader("Cache-Control", "no-cache, no-store, max-age=0, must-revalidate");
Response.AddHeader("Pragma", "no-cache");
}
}
Hope it helps! :)
来源:https://stackoverflow.com/questions/14437987/how-disable-browser-back-button-only-after-logout-in-mvc3-net