Question

I am using FormsAuthentication for user login. I am having a problem: after the user logs out successfully, the browser's back button still allows the user to view pages. I tried using JavaScript:

 <script type = "text/javascript" >
        function preventBack() { window.history.forward(1); }
        setTimeout("preventBack()", 0);
        window.onunload = function () { null };
</script>

But then the back button is completely disabled. It worked, but I don't want to disable back button functionality when the user is logged in. I want my LOGGED IN user to use the browser back button as normal. But once he chooses to log out, he is not allowed to see any of the contents by pressing Back. I also tried using

Session.Abandon();
Response.Cache.SetCacheability(HttpCacheability.NoCache);
Response.Cache.SetExpires(DateTime.Now);

But this is also not working. How do I fix this?

Solution

You could clear the browser history when the user logs out:

var url = window.location.href;
window.history.go(-window.history.length);
window.location.href = url;

However, this would not be particularly robust: it relies on JavaScript, it would not work across multiple tabs, and may only serve to annoy the user. IMO the best bet is to set appropriate caching headers such that the browser will not cache any of your 'logged in' pages, via a NoCacheAttribute applied appropriately:

using System;
using System.Web;
using System.Web.Mvc;

// Action filter that marks every result it decorates as non-cacheable.
public class NoCacheAttribute : ActionFilterAttribute
{
  public override void OnResultExecuting(ResultExecutingContext filterContext)
  {
      // Expire the response in the past and forbid caches from storing it.
      filterContext.HttpContext.Response.Cache.SetExpires(DateTime.UtcNow.AddDays(-1));
      filterContext.HttpContext.Response.Cache.SetValidUntilExpires(false);
      filterContext.HttpContext.Response.Cache.SetRevalidation(HttpCacheRevalidation.AllCaches);
      filterContext.HttpContext.Response.Cache.SetCacheability(HttpCacheability.NoCache);
      filterContext.HttpContext.Response.Cache.SetNoStore();

      base.OnResultExecuting(filterContext);
  }
}

OTHER TIPS

Use this code in the html page on which you need to control the back button.

$().ready(function() {
    if(document.referrer != 'http://localhost:8181/'){ 
        history.pushState(null, null, 'login');
        window.addEventListener('popstate', function () {
            history.pushState(null, null, 'login');
        });
    }
});

This code will block back button event. The if condition is for allowing the back button if the previous page is 'http://localhost:8181/'. Back button won't be working if the previous page is not 'http://localhost:8181/'. If you need to block all previous pages then avoid the if condition. The history.pushState statements will replace the url on the browser address bar to 'login'. So I recommend you to change 'login' with your page url.

Advantages of this method:-

  1. No need to control the cache.
  2. We could allow the back button event for specified previous pages and could block the rest.

Hoping my answer will help someone.

Disabling the back button is not the right way to achieve what you need. Instead you can add the following three tags in your HTML file, which take care of clearing the cache.

<META Http-Equiv="Cache-Control" Content="no-cache">
<META Http-Equiv="Pragma" Content="no-cache">
<META Http-Equiv="Expires" Content="0">

The easiest way I found is using OutputCache Attribute

[OutputCache(NoStore = true, Duration = 0, VaryByParam = "*")]
public class HomeController  : Controller
{
}

<script language="JavaScript" type="text/javascript">
    window.history.forward();
</script>

Please go through the article http://www.aspdotnet-suresh.com/2011/11/disable-browser-back-button.html . I used the JavaScript function provided by the author in my layout page to prevent the back button issue, as I need to provide access to certain pages to all visitors of my website.

This solution worked for me in IE 11 and Chrome Version 43.0.2357.130 m.

Hope this helps.

var url = window.history.forward();
window.history.go(-window.history.length);

If you want this for all your pages, you could write in your Global.asax:

protected void Application_BeginRequest()
{
    Response.AddHeader("Cache-Control", "no-cache, no-store, must-revalidate");
    Response.AddHeader("Pragma", "no-cache");
    Response.AddHeader("Expires", "0");
}

This will not cache any page of your site.

Please use this code in your Master Page Load Event.

if (!IsPostBack)
{
    if (Session["LoginId"] == null)
        Response.Redirect("frmLogin.aspx");
    else
    {
        Response.ClearHeaders();
        Response.AddHeader("Cache-Control", "no-cache, no-store, max-age=0, must-revalidate");
        Response.AddHeader("Pragma", "no-cache");
    }
}

Hope it helps! :)
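
To check which of the header sets above actually stop a browser or proxy from keeping a copy of a logged-in page, the following added example (not code from any of the answers) parses Cache-Control and reports gaps. The function names and the sample header sets are assumptions made for illustration; note that no-cache on its own still permits storing the response, only no-store forbids it.

```javascript
// Added example (not from the thread): audit headers on a logged-in page.
// Parse a Cache-Control value into a Map of lower-cased directive -> value.
function parseCacheControl(value) {
  const directives = new Map();
  for (const part of String(value || '').split(',')) {
    const [name, ...rest] = part.trim().split('=');
    if (name) directives.set(name.toLowerCase(), rest.length ? rest.join('=') : true);
  }
  return directives;
}

// Return findings; an empty array means no-store is set and nothing contradicts it.
function auditAuthenticatedResponse(headers) {
  const h = {};
  for (const [k, v] of Object.entries(headers)) h[k.toLowerCase()] = String(v);
  const cc = parseCacheControl(h['cache-control']);
  const findings = [];
  if (!h['cache-control']) findings.push('Cache-Control header missing');
  if (!cc.has('no-store')) findings.push('no-store absent: caches may keep a copy');
  if (cc.has('public')) findings.push('public allows shared caches to store it');
  const maxAge = Number(cc.get('max-age'));
  if (cc.has('max-age') && maxAge > 0) findings.push(`max-age=${maxAge} keeps the copy fresh`);
  return findings;
}

// Constructed sample responses. The first two reuse header values posted above.
const SAMPLES = {
  globalAsax: { 'Cache-Control': 'no-cache, no-store, must-revalidate', Pragma: 'no-cache', Expires: '0' },
  masterPage: { 'Cache-Control': 'no-cache, no-store, max-age=0, must-revalidate', Pragma: 'no-cache' },
  noCacheOnly: { 'Cache-Control': 'no-cache', Pragma: 'no-cache' },
  privateWithAge: { 'Cache-Control': 'private, max-age=600' },
  noHeaders: {},
};

for (const [name, headers] of Object.entries(SAMPLES)) {
  const findings = auditAuthenticatedResponse(headers);
  console.log(name, findings.length ? findings : 'ok');
}
```

Run it with Node against headers captured from your own authenticated pages; any non-empty result marks a page that can still be shown from a stored copy after logout.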

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow