avoid a page going back to site after logging out

[nvv via DotNetMonster.com]

Hi,
I am working on a web site which authenticates an user using forms. And once they logout, I observed that, for any reason if they click on "BACK" button of the browser, the user is being taken back to the site instead taking them to "login" page. I used formsAuthentication signout method and also used session's abandon method in signout event. Still I don't know why I am facing that problem. Please tell me what else I need to do in order to avoid that and present them with loging page like it happens with any email web site.

Thanks,

 

[MWells]

Most likely you're seeing the contents of the browser cache, and not a new
page generated by the server. Try hitting the back button and then F5 for
refresh; you should be redirected to login.

This isn't a security violation per-se; however it raises an interesting
question regarding the sanctity of confidential information. When you log
out, it would be nice to know that a new user approach the machine couldn't
browse the cache so easily and view your previously-seen documents.

A few possibilities;

+ Do some work to prevent the browser from caching the page. Historically,
this has been somewhat unreliable, but there are some solutions that seem to
behave consistently.

+ Immediately after logout, try writing some js out to close the browser.

+ Immediately after logout, try writing some js to clear the history.

You'll no doubt have different issues with different web browsers, and even
more complex issue dealing with proxy server caches, but it's somewhere to
start.

/// M

Hi,
I am working on a web site which authenticates an user using forms. And

once they logout, I observed that, for any reason if they click on "BACK"
button of the browser, the user is being taken back to the site instead
taking them to "login" page. I used formsAuthentication signout method and
also used session's abandon method in signout event. Still I don't know why
I am facing that problem. Please tell me what else I need to do in order to
avoid that and present them with loging page like it happens with any email
web site.

 

[Maheeja Swarna via DotNetMonster.com]

Mr. Wells,

I am working on intranet. So, no problem of browser type or version. Is there any way that we can avoid in the way it happens in yahoo mail. I mean, whatever the page that the user requests, he must be redirected to login(that includes after logging out and hitting browser's back button). Like how it happens even with this site(dotnetmonster).
Please help. If boss wants like that, we have to do that.

Thanks,
nvv