Security Weakness in Asp.Net

Question

0.00/5 (No votes)

See more:

when i Click on logout button in my .net application and then when i press back button key in browser i will be autometically sign in ...
i need solution for it...
Generally Website should ask username and password.

Posted 28-May-12 0:19am

mtesh

Updated 28-May-12 0:41am

member60

v2

Add a Solution

Comments

bbirajdar 28-May-12 9:14am

Its not the security weakness friend.Its the issue with your implementation.

4 solutions

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

member60 · Answer 1 · 2012-05-28T00:41:00

Solution 1

refer the following url, where Sandeep Mewara has posted Tip for such issue.:
Browser back button issue after logout[^]

hope it helps.

Posted 28-May-12 0:41am

member60

Updated 28-May-12 1:00am

v2

Comments

Sandeep Mewara 28-May-12 8:29am

5! :)

member60 29-May-12 1:33am

thank you sandeep !

Prasad_Kulkarni · Answer 2 · 2012-05-28T01:27:00

You will need to make sure the pages behind the login (those that can only be accessed after login) are not cached in the browser:

C#

Page.Response.Cache.SetCacheability(HttpCacheability.NoCache);

If using forms authentication, you will also need to abandon the session and logout:

C#

Session.Abandon();
FormsAuthentication.SignOut();

Browser back button[^]
Disable back button[^]

Please refer a good answer on same question:
How to disable browser back bottun after logout.[^]

Another solved answer:
After Logout Their is Back Button Problem[^]

Some more useful links:
Back Button issue after Logout in ASP.NET[^]
How to disable back button of the browser after logout[^]

Prosan · Answer 3 · 2012-05-28T03:01:00

on clicking of logout button remove all the sessions (Session.Abandon()). and on every page check a particular session (create a common functiion) if it is null than redirect to your default error page.

and i give u link k hope it will more help

ASP.NET web application security review: Do's & Don'ts[^]

Dylan Morley · Answer 4 · 2012-05-28T04:33:00

Solution 4

Can't miss an opportunity to post my link as well!

Web Development - Disabling the back button[^]

Posted 28-May-12 4:33am

Dylan Morley

Security Weakness in Asp.Net

4 solutions

Solution 1

Solution 2

Solution 3

Solution 4

Add your solution here

Preview 0