Hi,
it's not possible to completly remove back button function. But there are several workarounds out there.
Please read this solution:
http://www.irt.org/script/311.htm[
^]
An important point from SAKryukov (in my words):
Such blocking of the Back Button with Javascript can be tricked out.
You should carefully check at loading your Login-Page if user credentials are valid and the forms-authentication ticket gets removed (
FormsAuthentication.SingOut
Method), in case they're not valid, redirect them).
Useful links for understanding Authentication(settings description for your IIS-Server and ASP.NET Login Controls) and states:
SignOut() method
http://msdn.microsoft.com/de-de/library/system.web.security.formsauthentication.signout.aspx[
^]
Authentication:
http://msdn.microsoft.com/en-us/library/eeyk640h.aspx[
^]
States:
http://msdn.microsoft.com/en-us/library/75x4ha6s.aspx[
^]
If you want preventing that "last" data of page is shown to users when hitting back button after logout, don't cache the protected pages and also check credentials, otherwise redirect them. As said, this script is an addition to the much more important "basic" security settings.
With Best Regards