How to prevent a logged-out user from navigating to past pages?

[Guest]

Hi,

After the user is signed out and taken to the login page, they can still use
the back & history features in the browser to access pages. Every page
(except login) has a check at the beginning to redirect the user after being
logged out, but when the page is accessed via back button, the debugger
doesn't stop at that code b/c the page is cached and is not generated at the
server.

How can I make these pages disappear from the history?

Thank you in advance,

Richard

 

[Guest]

Hi Richard,
you have to turn off caching of your web pages on client browser. Put
following directive <%@ OutputCache Location="None" VaryByParam="None" %> to
each page you are securing by authentication so when client press back button
it will force browser to request the page from server and to load it from
cache.

You can also make caching profile in your web.config file and load profile
in your pages, your settings will be centralized.

<system.web>
<outputCacheSettings>
<outputCacheProfiles>
<add name="myProfile" location="None" VaryByParam="None" />
</outputCacheProfiles>
</outputCacheSettings>
</system.web>

Each page will refernce your profile by adding this directive:
<%@ OutputCache CacheProfile="myProfile" />

Best regards,
Ladislav

<

Regards,
Ladislav