Is there a way to keep a page from rendering once a person has logged out but hit the “back” button?

by

The short answer is that it cannot be done securely.

There are, however, a lot of tricks that can be implemented to make it difficult for users to hit back and get sensitive data displayed.

Response.Cache.SetCacheability(HttpCacheability.NoCache);
Response.Cache.SetExpires(Now.AddSeconds(-1));
Response.Cache.SetNoStore();
Response.AppendHeader("Pragma", "no-cache");

This will disable caching on client side, however this is not supported by all browsers.

If you have the option of using AJAX then sensitive data can be retrieved using a updatepanel that is updated from client code and therefore it will not be displayed when hitting back unless client is still logged in.

More Related Contents:

  1. Disabling browser caching for all browsers from ASP.NET
  2. Disable browser cache for entire ASP.NET website
  3. Can some hacker steal a web browser cookie from a user and login with that name on a web site?
  4. What is the “Temporary ASP.NET Files” folder for?
  5. What are all the user accounts for IIS/ASP.NET and how do they differ?
  6. What is the App_Data folder used for in Visual Studio?
  7. IIS7 Cache-Control
  8. ASP.NET MVC how to disable automatic caching option?
  9. How serious is this new ASP.NET security vulnerability and how can I workaround it?
  10. ASP.NET MVC and IE caching – manipulating response headers ineffective
  11. ASP.NET authentication login and logout with browser back button
  12. X-Frame-Options Allow-From multiple domains
  13. Asp.net Identity password hashing
  14. ASP.Net Download file to client browser
  15. MemoryCache Empty : Returns null after being set
  16. Session Fixation in ASP.NET
  17. How to restrict folder access in asp.net
  18. What’s the best method for forcing cache expiration in ASP.NET?
  19. Redirect to a page with endResponse to true VS CompleteRequest and security thread
  20. How to Customize ASP.NET Web API AuthorizeAttribute for Unusual Requirements
  21. How to disable caching of single page application HTML file served through IIS?
  22. Cannot use a leading ../ to exit above the top directory
  23. How to limit page access only to localhost?
  24. Form Authentication – Cookie replay attack – protection
  25. Stop Visual Studio from launching a new browser window when starting debug?
  26. Preventing iframe caching in browser
  27. Any way to clear/flush/remove OutputCache?
  28. IIS and Static content?
  29. Web authentication state – Session vs Cookie?
  30. When Does Asp.Net Remove Expired Cache Items?

Leave a Comment