In this article let’s see how to disable the browsers back button, to prevent the user navigate back after he had logged out his session. We can do this by JavaScript.
Add this JavaScript to the html section of your logout page
<script type = "text/javascript" >
function preventBack(){window.history.forward();}
setTimeout("preventBack()", 0);
window.onunload=function(){null};
script>
<meta http-equiv="Expires" CONTENT="0">
<meta http-equiv="Cache-Control" CONTENT="no-cache">
<meta http-equiv="Pragma" CONTENT="no-cache">
And in the code behind you need to clear the session. The code behind page looks like this
using System;
using System.Collections;
using System.Configuration;
using System.Data;
using System.Linq;
using System.Web;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.HtmlControls;
using System.Web.UI.WebControls;
using System.Web.UI.WebControls.WebParts;
using System.Xml.Linq;
public partial class logout : System.Web.UI.Page
{
protected void Page_Load(object sender, EventArgs e)
{
if (!IsPostBack)
{
lblPreURL.Text = Request.UrlReferrer.ToString();
}
DisableBufferingOnPage();
Session.Clear();
FormsAuthentication.SignOut();
}
protected void DisableBufferingOnPage()
{
Response.Buffer = true;
Response.ExpiresAbsolute = DateTime.Now.AddDays(-1);
// set expiry date in the past
Response.Expires = -1;
Response.CacheControl = "no-cache";
Response.Cache.SetNoStore();
Response.AppendHeader("Pragma", "no-cache");
Response.AppendHeader("Cache-Control", "no-cache");
Response.CacheControl = "no-cache";
Response.Expires = -1;
Response.ExpiresAbsolute = new DateTime(1900, 1, 1);
Response.Cache.SetCacheability(HttpCacheability.NoCache);
}
So once the user logs out, the session is cleared and he will be redirected the previous Url. We are not disabling the browsers back button, but we are preventing the user to navigate backward after his session is cleared.
