views:

144

answers:

6

I want to prevent my website from putting any information in the browser history of any user. I am using asp .net to build my website. Any idea how can i perform this?

+3  A: 

Not possible. That's a client side setting which is in no way controllable from the server side on. If it was possible, it would have been a serious security hole as well.

Edit: According to the comments and posts, do you actually want to disable the caching of the requests? If so, then you basically need to add the following set of response headers in the HTML <head> of the pages in question:

<meta http-equiv="cache-control" content="no-cache,no-store,must-revalidate">
<meta http-equiv="pragma" content="no-cache">
<meta http-equiv="expires" content="0">

I don't do ASP.NET, but you must be able to do similar programmatically. Check the response object, it should have a method something like setHeader(name, value).

That however still doesn't prevent the URL's to the pages from appearing in the browser history.

BalusC
I am asking just about visited hyperlinks.
Izabela
Now I don't understand you anymore. What's the problem with visited hyperlinks? The link color? You can control that with just a little shot of CSS.
BalusC
+1  A: 

Remove any a:visited rules from your CSS stylesheet.

IrishChieftain
+2  A: 

Other than the obvious question of why you would want to do this, I think you're going to have a very difficult time keeping information out of a browser from the server side of things.

You might want to to take a look at this page about HTML Meta Tags and look into the CACHE-CONTROL and PRAGMA NO-CACHE options of the meta tag.

Good luck, and hope this helps.

Chris
+2  A: 

Some websites do this by creating their website within flash, silverlight, Javascript or some other application framework that disassociates the URL from the displayed content.

If done carefully you can present all your content to the user and provide a 'normal' browsing experience, but the only thing they'll see in their history is one URL.

If you want to avoid any data staying on the client, you'll need to be more careful. AJAX requests may be cached. You may have to use Flash or Silverlight if you want to control caching more carefully so data is never written to disk, and there are pitfalls in those as well. There are ways around it (such as not using HTTP) but it becomes more difficult from both a client and server perspective.

Adam Davis
+1  A: 

Make all links on your site into POST requests hitting the same URL. That page will be a simple asp page which returns the real page. Note that this has side effects beyond merely preventing your site from having a proper history. These may or may not be acceptable effects.

Brian
+2  A: 

Sure. Always navigate to the same aspx page and display the contents dynamically based on the POST parameters.

Otávio Décio