Well, I found lot of people asking resolution to handle the browser's back button once user has logged out.
Typically, users report something like:
I am facing issue in my application's logout scenario. After the user login into website, he/she uses it(website) and when done, they do a logout, which lead them back to login page. But the problem is now, from this login page if I click the browser back button then it again takes the user back to the previous visited page as if logged in. How can I stop user to view the previous page once logged out?
So, what's the basic reason behind it? It's, browser's Cache!
Now, what can be done to handle the scenario? Surely on logout event one does clear the session. Apart from that, caching has to be handled.
One need to clear the cache such that browser has no history (this will make back/forward button in browser grayed out disabled.) Here are various ways of how one can do it:
one can clear browser history through JavaScript:
one can set this in logout event:
Typically, users report something like:
I am facing issue in my application's logout scenario. After the user login into website, he/she uses it(website) and when done, they do a logout, which lead them back to login page. But the problem is now, from this login page if I click the browser back button then it again takes the user back to the previous visited page as if logged in. How can I stop user to view the previous page once logged out?
So, what's the basic reason behind it? It's, browser's Cache!
Now, what can be done to handle the scenario? Surely on logout event one does clear the session. Apart from that, caching has to be handled.
One need to clear the cache such that browser has no history (this will make back/forward button in browser grayed out disabled.) Here are various ways of how one can do it:
// Code disables caching by browser. Hence the back browser button
// grayed out and could not causes the Page_Load event to fire
Response.Cache.SetCacheability(HttpCacheability.NoCache);
Response.Cache.SetExpires(DateTime.UtcNow.AddHours(-1));
Response.Cache.SetNoStore();You can add somethin similar in form aspx if you want to place it there:<META Http-Equiv="Cache-Control" Content="no-cache">OR
<META Http-Equiv="Pragma" Content="no-cache"> <META
Http-Equiv="Expires" Content="0">
one can clear browser history through JavaScript:
//clears browser history and redirects url
<SCRIPT LANGUAGE="javascript">
{
var Backlen=history.length;
history.go(-Backlen);
window.location.href=page url
}
</SCRIPT> ORPage.ClientScript.RegisterStartupScript(this.GetType(),"cle",
"windows.history.clear",true);ORone can set this in logout event:
protected void LogOut()
{
Session.Abandon();
string nextpage = "Logoutt.aspx";
Response.Write("<script language="javascript">");
Response.Write("{");
Response.Write(" var Backlen=history.length;");
Response.Write(" history.go(-Backlen);");
Response.Write(" window.location.href='" + nextpage + "'; ");
Response.Write("}");
Response.Write("</script>");
}
No comments :
Post a Comment