Browser's Back Button

[A.M]

Hi,

When I call FormsAuthentication.SignOut(); the user is not authenticated
anymore, but if user clicks on browser's Back button, all previously viewed
pages are viewable.

How can I prevent users seeing prevoiusly viewed pages using browser's Back
Button ?

Thanks,
Alan

 

[bruce barker]

you need to expire them, so they can not be read from the browsers cache.
note: this will cause a the browser to raise an alert box (must repost data)
whenever the user uses the back button, even when logged in.

-- bruce (sqlwork.com)

 

[Raterus]

First off, realize that they aren't going to see anything they hadn't seen before...

Take a look at this, as I believe this is the more preferred method in asp.net
http://samples.gotdotnet.com/quickstart/aspplus/doc/outputcaching.aspx

Also, you can set Response.Expires = 0 to instruct the browser that all authenticated content expires immediately, that way they browser will "hopefully" not show a cached version. I bet you can set this in global.asax in the Sub Application_BeginRequest and handle every page in your application. Realize though that this method was provided for compatibility with classic asp pages.

--Michael

 

[Steve C. Orr [MVP, MCSD]]

The page is probably being cached.
To turn off caching for the page, use this code:

Response.Expires = 0
Response.Cache.SetNoStore()
Response.AppendHeader("Pragma", "no-cache")

Also note that if you pop open a new window, that window has no history so
the back button will be disabled.