views:

92

answers:

2

After a user logs in to a website by authenticating with his credentials, if he clicks the back button in the browser and comes back to the log-in page, how can I restrict the user when he tries to visit other pages without providing the credentials again?

+1  A: 

Whenever a user comes to the login page, remove the authentication cookie. This way, without the authentication cookie, the user won't be able to go to any other page.

But when the user clicks the back button, you'll have to write the following code in the login page's Page_Load method to disable caching:

    Response.AddHeader("Expires", "-1");
    Response.AddHeader("Cache-Control", "no-store, no-cache, must-revalidate");
    Response.AddHeader("Pragma", "no-cache");

Kirtan
Is the SetHeader() method available in the Response class?
srikanthv
A: 

You must use this code; it avoids caching of the page:

    Response.CacheControl = "no-cache"
    Response.AddHeader "Pragma", "no-cache"
    Response.Expires = -1

Muhammad Akhtar
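
The two answers combined, as an added example that is not code from either poster: the login page drops the existing authentication and session cookies, and every protected page both disables caching and re-checks authentication on the server, so a page reached with the back button is fetched again instead of being shown from the browser cache. It assumes ASP.NET Web Forms with Forms Authentication and the default session cookie name; `NoCache`, `LoginPage` and `ProtectedPage` are hypothetical names.

```csharp
using System;
using System.Web;
using System.Web.Security;
using System.Web.UI;

// Hypothetical helper: typed ASP.NET equivalent of the no-cache headers in the answers.
public static class NoCache
{
    public static void Apply(HttpResponse response)
    {
        response.Cache.SetCacheability(HttpCacheability.NoCache);        // no-cache
        response.Cache.SetNoStore();                                     // no-store
        response.Cache.SetRevalidation(HttpCacheRevalidation.AllCaches); // must-revalidate
        response.Cache.SetExpires(DateTime.UtcNow.AddDays(-1));          // already expired
    }
}

// Code-behind for the login page (hypothetical class name).
public partial class LoginPage : Page
{
    protected void Page_Load(object sender, EventArgs e)
    {
        NoCache.Apply(Response);
        if (IsPostBack) return; // credentials are being submitted; leave the login handler alone

        // Arriving at the login page ends the current login:
        FormsAuthentication.SignOut(); // expires the Forms Authentication cookie
        Session.Abandon();             // discards server-side session state
        // Assumption: the default session cookie name is in use.
        Response.Cookies.Add(new HttpCookie("ASP.NET_SessionId", "")
        {
            Expires = DateTime.UtcNow.AddDays(-1)
        });
    }
}

// Base class for pages that require a login (hypothetical class name).
public class ProtectedPage : Page
{
    protected override void OnLoad(EventArgs e)
    {
        NoCache.Apply(Response); // a cached copy must never satisfy back/forward navigation
        if (!Request.IsAuthenticated)
        {
            FormsAuthentication.RedirectToLoginPage(); // server-side check on every request
            return;
        }
        base.OnLoad(e);
    }
}
```

The cache headers only stop the browser from replaying a stored copy; the `Request.IsAuthenticated` check is what actually denies access once the cookie is gone.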