Domanda
I am having problem with logout. After Logging out of the application also, when a user presses browser back button those secured pages are displaying.
And also the page load event is not firing for browser back button. I am using master page and content page.
My logout functionality is in master page.
https://stackoverflow.com/questions/15630936
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
Russian Session.Clear();
Session.Abandon();
Session.RemoveAll();
Response.Redirect("~/Default.aspx");
Here my login page is Default.aspx.
Soluzione
What you need to do is, just don't cache the page that you want to prevent user from access after you logs out:
Response.Cache.SetExpires(DateTime.UtcNow.AddMinutes(-1));
Response.Cache.SetCacheability(HttpCacheability.NoCache);
Response.Cache.SetNoStore();
Altri suggerimenti
I think you should not redirect to Default.aspx, in my way, I usually create a "middle page", this page will check sessions and and prevent go back previous page after logout.
The route could be like this: logout -> clear session page -> login page
So, from login page, if you click back button on browser, it would let you to clear session page and go back login area.
