tags:

views:

1089

answers:

4
+1  Q: 

Problem with my Session variables in asp.net 2.0

I keep a Session variable when the user is logged in. So that when the user click on btnLogout it must clear all my sessions and Log the User out for GOOD!!!

It does clear my sessions but if i click the BACK button in IE right after i logged out then i am still logged in! Meaning it goes back to screen where the user was still logged into.

My code on log out

protected void btnLogout_Click
{
   Session.Clear();
   Session.Abandon();
   Session.RemoveAll();

   Response.Redirect("Home.aspx");
}

Why is this and how can i prevent this?

EDIT: Is there maybe an option in code i can do that will disable the user from pressing the BACK button in the Web Browzer?

+1  A: 

The browser maintains a cache of the page so simply hitting back will not make a request to the server to see if you're still logged in. You'd have to use HTTPS to ensure the cache is also protected.

Paul Alexander  2009-05-07 09:30:20
+2  A: 

There are several ways you can tell the browser not to cache the page either from code-behind, javascript or through HTML by using the following on the page

<META HTTP-EQUIV="CACHE-CONTROL" CONTENT="NO-CACHE">

It would also have been good practise to add in your page_load event in the code-behind some code to ensure that the session variable still actually exists.

Zahir  2009-05-07 09:35:37
Thanks, but where must i place this when using MasterPages? Inside my MasterPage?
Etienne  2009-05-07 10:24:44
create a RequiresLogin page and inherit all login-required pages from that. Or just add it to the MasterPage if all child pages require this functionality..
Zahir  2009-05-07 19:37:47
+3  A: 

Is this really an issue though? Yes they could see their previous page as it has been cached, but as soon as they attempt to make any other legitimate requests within this context these will fail as your session variables are gone.

Unless you have some very specific reason for coding around this you would be solving a problem that doesn't really exist.

Charlie  2009-05-07 10:24:32
+3  A: 

You could put this in the Page_Init of your Master:

Response.Cache.SetNoServerCaching();
Response.Cache.SetCacheability(HttpCacheability.NoCache);
Response.Cache.SetNoStore();
Response.Cache.SetExpires(new DateTime(1900, 01, 01, 00, 00, 00, 00));

This is, e.g., what most bank websites do so you can't effectively use the back button.

chaiwalla  2009-05-08 02:42:37
Thank you so much!!!!!
Etienne  2009-05-08 07:10:08

related questions

Displaying Flash content in a C# WinForms application
How to get the value of built, encoded ViewState?
Unhandled Exception Handler in .NET 1.1
How do I connect to a database and loop over a recordset in C#?
How do I most elegantly express left join with aggregate SQL as LINQ query
Get a new object instance from a Type in C#
.NET Testing Framework Advice
Automatically update version number
What is the difference between an int and an Integer in Java/C#?
How to write to Web.Config in Medium Trust ?
WinForms ComboBox data binding gotcha
How do you sort a C# dictionary by value?
Adding Scripting functionality to .NET applications
Floating Point Number parsing: Is there a Catch All algorithm?
How do I print an HTML document from a web service?
Decoding T-SQL CAST in C#/VB.net
Anatomy of a "Memory Leak"
How do I get a distinct, ordered list of names from a DataTable using Linq
Reliable Timer in a Console Application
How do I fill a DataSet or a DataTable from a LINQ query resultset ?
What's the difference between Math.Floor() and Math.Truncate() in .NET?
How do I calculate relative time?
How do I calculate someone's age in C#?
Are there any conversion tools for porting Visual J# code to C#?
When setting a form's opacity should I use a decimal or double?