Click here to Skip to main content
15,309,126 members
Please Sign up or sign in to vote.
5.00/5 (2 votes)
See more:
Hi,

I am facing a problem with login in my website (asp.net C#).
When I login using loginid and password the login is successful.

I have written the code to check and authenticate a user while logging in, but the problem occurs after logout.
On clicking logout link I redirect the user to login page, or whatsoever, but when I press back button of browser then the same page is reopened i.e. page before logout.

Please help me.

I used session and cookies for this but (session is expired and cookies are destroyed)
The problem remains.

I see lots of websites(asp.net) they also have the same problem, like 160by2.com you can check this website.


Please help me regarding this.
Thanks & Regards.
Posted
Updated 2-Nov-10 22:41pm
v2
Comments
Sunasara Imdadhusen 3-Nov-10 3:04am
   
How you logout from system? Please send code snippet.
Dalek Dave 3-Nov-10 4:42am
   
Edited for Grammar, Syntax and Readability.

Hand-rolling ASP.NET security is a pretty complicated task, and isn't just a matter of putting some code in each page (or a superclass), this methodolgy is pretty brittle, as you have found out.
Helpfully, the framework has a good ASP.NET infrastructure for handling Authentication and Authorisation: The basics are here:
http://www.asp.net/security/tutorials/security-basics-and-asp-net-support-cs[^], the Membership and Role Providers are of special intrest. This[^] and this[^] and this[^] should be enough to get you started :-)
   
If you are using forms authentication
// Page load event of Logout.aspx
FormsAuthentication.SignOut();
Response.Redirect("Default.aspx");

Similar discussion here[^]
   
Hi You can set following code in your Global.asax file
C#
void Session_Start(object sender, EventArgs e)
  {
    // Code that runs when a new session is started
      if (Session["UserID"] == null)
      {
          Response.Redirect("Login.aspx?Message=Please login...");
      }


}


Please do let me know, if you have any doubt.

Please provide "Vote":thumbsup: if this would be helpful, and make "Accept Answer" if this would be correct answer.:rose:

Thanks,
Imdadhusen
   
on your logout page's page_load write

Page.SetNoCache();
   
put this script in your logout page means a page from which you are logging out it will disable your back button for your log out page...


use this script put it in head tag
script is..

<script type = "text/javascript" >
        function disableBackButton() {
            window.history.forward();
        }
        setTimeout("disableBackButton()", 0);

</script>
   
Comments
Keith Barrow 3-Nov-10 3:35am
   
My Vote of 1: The code you provided will do what you say it will, it won't fix the OP's Original Problem. His website is not properly secured if he can display anything other than public pages without logging in.
C#
<script>
window.history.forward(1);
document.attachEvent("onkeydown", my_onkeydown_handler);
function my_onkeydown_handler()
{
switch (event.keyCode)
{
case 116 : // F5;
event.returnValue = false;
event.keyCode = 0;
window.status = "We have disabled F5";
break;
}
}
</script>


Use to disable backbutton after logout.
   
v2
Comments
Keith Barrow 3-Nov-10 3:35am
   
My Vote of 1: The code you provided will do what you say it will, it won't fix the OP's Original Problem. His website is not properly secured if he can display anything other than public pages without logging in.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)



CodeProject, 20 Bay Street, 11th Floor Toronto, Ontario, Canada M5J 2N8 +1 (416) 849-8900