How can I prevent user to visit previous pages using javascript after user logout in asp.net

Question

0.00/5 (No votes)

See more:

Hi friends, I have 2 master pages Default.aspx is from Site.Master and some more pages that are from Admin.Master, I have used the code that to prevent the user from going back to previous pages after logout.

Here is my code

JavaScript

 function preventBack() 
   {
   window.history.forward();

   }
setTimeout("preventBack()", 0);
window.onunload = function () { null };

The problem I am facing is that I am able to go back among pages that uses Admin.

Master page i.e I have Home.aspx, AboutUs.aspx,Admin.aspx,AddItem.aspx I was unable to navigate between those pages also. Please tell me how to solve this. I have tried other methods also, but still facing same problem.

Thanks in Advance

Ganesh

Posted 3-Oct-12 20:53pm

Ganesh KP

Updated 3-Oct-12 22:26pm

DaveAuld

v2

Add a Solution

Comments

Joan M 4-Oct-12 3:04am

Wouldn't it be better to check the logged status in all the pages at the beginning? if you are not logged in then at the page load you could redirect the user to another place...

I can imagine a simple way to kill your javascript method: going to the history of the browser you are using and then clicking on a link which you would like to protect...

4 solutions

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

**Zoltán Zörgő** · Answer 1 · 2012-10-03T22:51:00

Make sure that admin pages are not cached (at all or just for a short period) on client side. There is no way to prevent user accessing the previous urls but you can prevent them seeing what was on them. Of course, disabling caching will increase web server roundtrips. Such javascript snippets are useless, since they can be disabled, and worked around in several ways.
See this article: http://www.extremeexperts.com/Net/FAQ/DisablingBackButton.aspx[^] for dealing with this from code, and from web.config: http://msdn.microsoft.com/en-us/library/ms178606(VS.80).aspx[^]

Member 3812793 · Answer 2 · 2012-10-03T23:53:00

Solution 2

I think It's better to set a session variable at login page then check the login session every page on pageload and prevent caching eg:

C#

Response.Cache.SetCacheability(HttpCacheability.NoCache);
if(Session["mysession"] != null)
{
response.redirect("login.aspx")
} 
else {....}

Posted 3-Oct-12 23:53pm

Member 3812793

Updated 3-Oct-12 23:57pm

v2

Comments

Ganesh KP 4-Oct-12 23:38pm

Yes I have done this way but I am un able to go. All I want is that to Update the session value using javascript. I know that we cannot update the session variable using javascript but with the combination of Js and cookies it can be done but I didnot know how to do that. So Please tell me an alternative way of doing this.

sakshi1111 · Answer 3 · 2012-10-04T00:49:00

One needs to clear the cache such that browser has no history (this will make back/forward button in browser grayed out disabled.) Here are various ways of how one can do it:

One can clear browser history through JavaScript:

XML

<SCRIPT LANGUAGE="javascript">
{
     var Backlen=history.length;
     history.go(-Backlen);
     window.location.href=page url
}
</SCRIPT>

one can set this in logout event:

XML

protected void LogOut()
{
     Session.Abandon();
     string nextpage = "Logoutt.aspx";
     Response.Write("<script language="javascript">");
     Response.Write("{");
     Response.Write(" var Backlen=history.length;");
     Response.Write(" history.go(-Backlen);");
     Response.Write(" window.location.href='" + nextpage + "'; ");
     Response.Write("}");
     Response.Write("</script>");
}

Member 9939026 · Answer 4 · 2015-09-11T12:09:00

I do this:
1) Load the page checking if session exists.
2) end session at the end of the page. Meaning put your end session command at the end of the page
3) Now if the user tries to go back, by browser button or back space, he will be redirected to your default page i.e login or index as per your set preference.

Note: It only works when user is on the last page he/she should see. I had this specific requirement so it worked out for me.

How can I prevent user to visit previous pages using javascript after user logout in asp.net

4 solutions

Solution 1

Solution 2

Solution 3

Solution 4

Add your solution here

Preview 0