CODEWITHSUNDEEP
asp.net
Sudix
Sudix

Reputation: 640

Logout using session in asp.net

I'm trying to clear session in 'logout' link usingSession.Abandon();. After Logout I redirected back to login page.But even after logout I could visit previous pages using browser's back button. How can I solve it?

Upvotes: 3

Views: 3773

Answers (4)

Blachshma
Blachshma

Reputation: 17395

Based on your comments, your session HAS been abandoned.

What you're seeing is a "snapshot" of the page saved in the cache by the browser. As long as in your code behind you make sure that you have a valid session before allowing the user to perform any tasks on your pages, you should be fine.

There are various answers on how to try and disable the cache, so that pressing the back button won't show the previous page - but as far as it goes to your question - you HAVE logged out and your session IS gone...

Upvotes: 1

Aristos
Aristos

Reputation: 66641

You need to disable all type of cache on browser for that page as:

Response.Cache.SetExpires(DateTime.UtcNow.AddYears(-4));
Response.Cache.SetValidUntilExpires(false);
Response.Cache.SetCacheability(HttpCacheability.NoCache);
Response.Cache.SetRevalidation(HttpCacheRevalidation.AllCaches);
Response.Cache.SetNoStore();
Response.ExpiresAbsolute = DateTime.Now.Subtract(new TimeSpan(1, 0, 0, 0));
Response.Expires = 0;
Response.CacheControl = "no-cache";
Response.AppendHeader("Pragma", "no-cache");
Response.Cache.AppendCacheExtension("must-revalidate, proxy-revalidate, post-check=0, pre-check=0");

Upvotes: 0

Usman Khalid
Usman Khalid

Reputation: 3110

Try this code :

// Code disables caching by browser. Hence the back browser button
// grayed out and could not causes the Page_Load event to fire 
Response.Cache.SetCacheability(HttpCacheability.NoCache);
Response.Cache.SetExpires(DateTime.UtcNow.AddHours(-1));
Response.Cache.SetNoStore();

You can add something similar in form aspx if you want to place it there:

<META Http-Equiv="Cache-Control" Content="no-cache">
<META Http-Equiv="Pragma" Content="no-cache">
<META Http-Equiv="Expires" Content="0">

OR one can set this in logout event:

protected void LogOut()   
{       
     Session.Abandon();       
     string nextpage = "Logoutt.aspx";       
     Response.Write("<script language="javascript">");             
     Response.Write("{");       
     Response.Write(" var Backlen=history.length;");       
     Response.Write(" history.go(-Backlen);");       
     Response.Write(" window.location.href='" + nextpage + "'; ");
     Response.Write("}");       
     Response.Write("</script>");   
}

for reference see : http://www.codeproject.com/Tips/135121/Browser-back-button-issue-after-logout

Upvotes: 0

marknuzz
marknuzz

Reputation: 2942

Try putting this on your code-behind:

Page.Response.Cache.SetCacheability(HttpCacheability.NoCache)

Upvotes: 0

Related Questions