Thursday, January 13, 2011

Disabling browser’s back functionality on logout from Asp.Net


Today I come with a pretty cool problem or say requirement that our client demand from us. He want, when a user sign out from our site then he will redirect to home page and if he try the back button then the back page should not opened. Because that page is secure page and we have to disable the back button.

I search it and found a good solution.

When we request any page from server, browser maintains its cache in local system. When user press back button the cached page opened in front of user.

Its mean we have to disable the cache functionality for our session pages. So for this you have to insert this code into “Page_Load” event of the session page or to master page that is used for secure pages.

Response.Buffer= true;
Response.Expires =-1500;
Response.CacheControl = “no-cache”;
if(Session["SessionId"] == null)
Response.Redirect (“Home.aspx”);

This code just disable the cache for current page and save this page in buffer.

And buffer is maintained in memory so when user logout the buffer will
destroy and no backup copy of that page available to view.

So its mean we successfully disable the back button.

No comments: