Click here to Skip to main content
Click here to Skip to main content

Tagged as

Browser back button issue after logout

, 20 Feb 2013
Rate this:
Please Sign up or sign in to vote.
How to stop user from accessing the previous pages once he/she logs out and presses browser back button.
Well, I found a lot of people asking for a resolution to handle the browser's back button once user has logged out.
 
Typically, users report something like:
I am facing issue in my application's logout scenario. After the user login into website, he/she uses it(website) and when done, they do a logout, which leads them back to login page. But the problem is now, from this login page, if I click the browser back button then it again takes the user back to the previous visited page as if logged in. How can I stop user from viewing the previous page once logged out?

The browser Back button is an option to go back to previously visited pages. The back button can be considered as a pointer that is linked to the page previously visited by the user. Browser keeps a stack of the web pages visited as a doubly-linked list.

The back button works by stepping through the history of HTTP requests which is maintained by the browser itself. This history is stored in browsers cache that consists of the entire page content with resources like image and scripts. This enables browser to navigate backwards and forwards through the browser history and have each page displayed instantly from cache without the delay of having it retransmitted over the internet from the server.

Just to handle the scenario of getting page content from server, browsers have a Refresh button that transmits the request to web server and get back the fresh copy of entire page. Internally, this also replaces the copy of the page in the browser's cache.

So, what's the basic reason behind it? It's, browser's Cache!
Now, what can be done to handle the scenario? Surely on logout event one does clear the session. Post which, browsers cache needs to be handled such that browser has no history (this will make back/forward button in browser grayed out disabled.) Here are various ways of how one can do it:

Option #1: Set Response Cache settings in code-behind file for a page
// Code disables caching by browser.
Response.Cache.SetCacheability(HttpCacheability.NoCache);
Response.Cache.SetExpires(DateTime.UtcNow.AddHours(-1));
Response.Cache.SetNoStore();
Option #2: Set META tag for HTTP cache settings in your ASPX page header
<META Http-Equiv="Cache-Control" Content="no-cache"/>
<META Http-Equiv="Pragma" Content="no-cache"/>
<META Http-Equiv="Expires" Content="0"/>
Option #3: Clear browser's history through JavaScript using script tag
//clears browser history and redirects url
<SCRIPT LANGUAGE="javascript">
function ClearHistory()
{
     var backlen = history.length;
     history.go(-backlen);
     window.location.href = loggedOutPageUrl
}
</SCRIPT>
Option #4: Clear browser's history through JavaScript injecting through code-behind file via Response
protected void LogOut()
{
     Session.Abandon();
     string loggedOutPageUrl = "Logout.aspx";
     Response.Write("<script language="'javascript'">");
     Response.Write("function ClearHistory()");
     Response.Write("{");
     Response.Write(" var backlen=history.length;");
     Response.Write(" history.go(-backlen);");
     Response.Write(" window.location.href='" + loggedOutPageUrl + "'; ");
     Response.Write("}");
     Response.Write("</script>");
}
Option #5: Clear browser's history through JavaScript injecting through code-behind file via Page.ClientScript
Page.ClientScript.RegisterStartupScript(this.GetType(),"clearHistory","ClearHistory();",true);
UPDATE:
As Chris[^] suggested, I would like to add here itself as a part of the Tip/Trick that I would not suggest to use it and mess with browser's history as this is a bad, bad thing.
One should implement it, only if they really need it and are prepared to accept that it is not a good practice.
 
Lastly, this would not work if one disables JavaScript.

License

This article, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

Share

About the Author

Sandeep Mewara
Software Developer (Senior)
India India
Current location: Bangalore, India.
Follow on   Twitter

Comments and Discussions

 
GeneralReason for my vote of 5 good one PinmemberPrince Antony G13-Dec-11 1:14 

General General    News News    Suggestion Suggestion    Question Question    Bug Bug    Answer Answer    Joke Joke    Rant Rant    Admin Admin   

Use Ctrl+Left/Right to switch messages, Ctrl+Up/Down to switch threads, Ctrl+Shift+Left/Right to switch pages.

| Advertise | Privacy | Mobile
Web03 | 2.8.140821.2 | Last Updated 20 Feb 2013
Article Copyright 2010 by Sandeep Mewara
Everything else Copyright © CodeProject, 1999-2014
Terms of Service
Layout: fixed | fluid