My asp .net application is facing issue where logged out users are using browser’s back-button to revisit previously accessed page. User cannot perform any server side events , but it would be much better if user are not allowed to view this page at all. I searched for a solution to stop this but most of the solution include writing code inside page that must be not be revisited like this one.
protected override void OnPreRender(EventArgs e)
{
base.OnPreRender(e);
string sb;
sb = "<script language=javascript>\n";
sb += "window.history.forward(1);\n";
sb += "\n</script>";
ClientScript.RegisterClientScriptBlock(Page.GetType(), "clientScript", sb);
}
This means that i will have to write code in every page that a logged-in user can visit .
Is there a better way to handle this issue? Im expecting an optimized solution whereby I will not have to write code in every page . Help will be much appreciated.
Based on your question, I understand you only want to prevent the usage of the Back button (to see previous data), but that your server-side works correctly and doesn’t allow logged-out users to perform any tasks…
If this is not the case, you should also add validation in your server side to make sure that a logged out user (which should be treated just like a user who never logged in) cannot do anything that requires permissions…!
Back to your question – you should disable caching in the browser.
In CodeBehind:
You can also use META tags in the ASPX page:
This will tell the browser that the page should not be cached and will not be reshown via the
BackbuttonIf this isn’t enough, you can also use JavaScript to clear the history, here is an example
Edit:
And if you want this code to appear only once, you can create a
BasePage(that derives fromPage) which has this logic. Then, any page in which you want this logic should derive from theBasePageinstead of the regularSystem.Web.UI.Page