How to delete the history pages in ASP.net? In my application when the user logs out, i delete the session variables and expire the cookie(aspxauth and asp_net_sessionId) but however when user clicks on the back button of the browser, user could still see the pages with all the user information on it. However the page cannot interact the server as sessions are not available but expired pages contain demographic information which is an harmful scenario for Security issues. Any help appreciated.
+3
A:
You can't as far as I know. You can, however disable caching on the page which should give you the desired result. When the user clicks back, instead of showing the cached page, the page should get pulled again. And if you have your site setup right, it should redirect them to a login page.
adam0101
2010-10-21 15:27:04
+1. There are a few ways to do this, and the last I knew, there were inconsistencies in browsers. See this link for details on doing it properly: http://forums.asp.net/p/1060173/1519897.aspx
David Stratton
2010-10-21 15:29:50
+1
A:
If this is secure data, you should be serving it up HTTPS which will not cache it anyway. You could also try
response.Headers.Add("pragma", "no-cache");
response.Headers.Add("Cache-control", "no-cache, no-store, must-revalidate");
response.Headers.Add("Expires", "01 Apr 1995 01:10:10 GMT");
to get the page to expire immediately.
pjabbott
2010-10-21 15:28:39
A:
History pages are a browser, client-side feature, not server side. So you cannot remove than using ASP.NET and C#.
You could create a javascript, client-side code that would remove history, but I do not think this is good design. Maybe this is your only choice, but from a user standpoint I would find annoying to not be able to access browser history.
I guess you should think of a different strategy, like avoiding caching pages.
rsenna
2010-10-21 15:29:12