I need a small help which is very urgent and important. We have done a website. The page is degined in asp.net. We have used sessions and when we click on logout the session.abandon() is called. But when the user clicks the back button the previous page is shown. I dont want this, i want the index page to be shown even if the back button is clicked.

on the logout page, create a response.redirect so that when they logout, they are redirected to the main page. Then if they try to go back, it will redirect them to the main page.

In order to get around the logout issue you need to set the cache to 0. What is happening is your webpages are being cached in the browsers memory and when they click back it isn't displaying the actual page but what the browser has cached in memory.

I set my cache = -1500 and I have no problems with the back button issue.

the code looks like this:

Response.Expires = -1500

Hope this helps!

tsbarnes

tsbarnes is spot-on, but ...

The Wizzards sollution wount work as such cause if they hit back or use "alt" "<--" there's no server interaction. If they would reload or jump back to a non-cached page, there will be sent a request to the server and, the redirect will run.

So you need to combine the two. But still you wont be home, cause they can jump to the page therefore.(by typing in the url or whatever) and you can't set an unconditional redirect on top of each page. nd not allowing any page to be cached is not always a good idea !

My sollution is:
- if the session is started (or the login is validated, i set a session variable)
- On top of each page, i check if the sessionvariable is set. If it's not set, the user is redirected.
the only thing thats possible now, is that they run through cached pages (using back or whatever). As soon as they hit a link, they are redirected. If they try to reload a page, they are redirected. If you don't allow caching on any page, you'd be there, but i think this should only be considered if you're really concerned about privacy etc and if the application is used on shared computers.

(you can use the sessionvariable to decide if the user is allowed to view this page by using it as a security value. more info here
http://www.codingforums.com/showthread.php?s=&threadid=18372
it's classicala asp but you'll get the idea)

Hi tsbarnes,

the Response.Expires = -1500, what does the -1500 actually stands for? and is it in seconds, because I tried placing it on top of some pages, but I could still go Back.


Thanks
Abd

Try what raf said with using a session variable like "loggedIn".
So whan the user logs in, loggedIn=true, when they log out, loggedIn=false

So now you need to put a condition on all your pages. Check to see if the user is logged in, if not, redirect to index. You must also use the Response.Expires = -1500

Before you test this, you must make sure you clear your tempory internet files, and possibvle history(just in case) because the file has already been cached. This should sort you out... :)

Yeah still on Expires issue,

I have validated the user login, and place Response.Expires = -1500 after the line, but I could still go Back.

Abdul

Few possible reasons but most likely you didn't clean your cache, history etc like david7777 suggested.

So make sure to clean the history and cache, then browse the pages and check if they get cached. If they do get cached, make sure the date on your machine isn't more then 1500 minutes behind, compared to the server that runs the app.