I'm developing a secured asp.net application. In the app there is an signout button that when clicked takes a user back to the login page. My problem is that a user after signing out still has access to the site through the back button. Obviously this is a great security flaw. I don't think asp.net can invalidate/destroy the browser's cache, but how about javascript?
Does anyone know how to erase the history when the user reaches the login page from javascript?
Thank you,
V

javascript can't do that. if it were doable, it would be with ASP, and not javascript. in theory, however, that shouldn't at all be a problem, if you make being signed in rely on session variables, or cookies. by doing that, you could either delete the session variables at sign out, or delete or alter the cookie at sign, making it so that hitting back would be ineffective.