ASP.NET authentication login and logout with browser back button

by

Worrying about the browser history and back button is going to give you headaches and genital warts. There are facilities built in to handle this problem.

Your logout link/button should point to a page containing this code, along with whatever else you want.

[vb.net]

Imports System.Web.Security

Private Sub Page_Load(ByVal sender As System.Object, ByVal e As System.EventArgs) _
 Handles MyBase.Load
    Session.Abandon()
    FormsAuthentication.SignOut()
End Sub

[c#]

using System.Web.Security;

private void Page_Load(object sender, System.EventArgs e)
{
    // Put user code to initialize the page here
    Session.Abandon();
    FormsAuthentication.SignOut();
}

Code comes from this page and is valid but the page is hard on the eyes.

A good Question/Answer regarding backbutton behavior can be found here.

Update:

pursuant to the conversation I am having with Matthew, disabling caching on individual pages that are sensitive or volitile can be done with code such as follows:

Response.Cache.SetExpires(DateTime.UtcNow.AddMinutes(-1));
Response.Cache.SetCacheability(HttpCacheability.NoCache);
Response.Cache.SetNoStore();

I am curious to know if it works for you as it does for me.

More Related Contents:

  1. How to assign Profile values?
  2. Custom MembershipProvider in .NET 4.0
  3. Multiple applications using same login database logging each other out
  4. SQL Network Interfaces, error: 26 – Error Locating Server/Instance Specified [closed]
  5. Using one Asp.net Membership database with multiple applications Single Sign On
  6. How to combine using Membership API with own application related data?
  7. Is there a way to keep a page from rendering once a person has logged out but hit the “back” button?
  8. ASP.NET MVC3 Role and Permission Management -> With Runtime Permission Assignment
  9. Is it possible to change the username with the Membership API
  10. Sitecore authenticate users against external membership database
  11. Are Parameters really enough to prevent Sql injections?
  12. Receiving login prompt using integrated windows authentication
  13. How can I force entity framework to insert identity columns?
  14. What does .d in JSON mean?
  15. Call ASP.NET PageMethod/WebMethod with jQuery – returns whole page
  16. Store/assign roles of authenticated users
  17. How to pass a datetime parameter?
  18. How to allow only integers in a textbox? [duplicate]
  19. thread messaging system database schema design
  20. Passing session data between ASP.NET Applications
  21. Nested ASP.NET ‘application’ within IIS inheriting parent config values?
  22. ASP.net session request queuing
  23. How to get Client Machine’s Mac Address in a Web application
  24. Does it help to use NGEN?
  25. ASP.net MVC4 WebApi route with file-name in it
  26. calling an ascx page method using jquery
  27. How should I detect the MIME type of an uploaded file in ASP.NET?
  28. What do the TargetFramework settings mean in web.config in ASP .NET MVC?
  29. Asp.Net Check file size before upload
  30. pass a value into next page

Leave a Comment