How Disable Browser Back Button only after Logout in mvc3.net

Asked 21/1, 2013 at 11:49 Answered 20/2, 2020 at 17:12

Solved javascript asp.net-mvc-3 form-authentication

I am using FormsAuthentication for userlogin. I am having a problem after user logs out successfuly the back button is browser allows user to view pages. I tried using javascript

 <script type = "text/javascript" >
        function preventBack() { window.history.forward(1); }
        setTimeout("preventBack()", 0);
        window.onunload = function () { null };
</script>

But back button is completly disabled. It worked bt,I dont want to disable back button functionality when user is logged in. i want my LOGGED IN user to use browser back button as normal. But once he choosed to log out, he is not allow to see any of contents by pressing Back. I also tried using

Session.Abandon();
 Response.Cache.SetCacheability(HttpCacheability.NoCache);
 Response.Cache.SetExpires(DateTime.Now);

But this is also not working.how do I fix this?

Assiut answered 21/1, 2013 at 11:49 Comment(1)

I suspect this would be a bad idea, since the user could just disable javascript and then press the back button. – Tarra 21/1, 2013 at 12:3

You could clear the browser history when the user logs out:

var url = window.location.href;
window.history.go(-window.history.length);
window.location.href = url;

However this would not be particularly robust - it relies on javascript, it would not work across multiple tabs and may only serve to annoy the user. IMO the best bet is to set appropriate caching headers such that the browser will not cache any of your 'logged in' pages via a NoCacheAttribute applied appropriately:

public class NoCacheAttribute : ActionFilterAttribute
{  
  public override void OnResultExecuting(ResultExecutingContext filterContext)
  {
      filterContext.HttpContext.Response.Cache.SetExpires(DateTime.UtcNow.AddDays(-1));
      filterContext.HttpContext.Response.Cache.SetValidUntilExpires(false);
      filterContext.HttpContext.Response.Cache.SetRevalidation(HttpCacheRevalidation.AllCaches);
      filterContext.HttpContext.Response.Cache.SetCacheability(HttpCacheability.NoCache);
      filterContext.HttpContext.Response.Cache.SetNoStore();

      base.OnResultExecuting(filterContext);
  }
}

Liederkranz answered 21/1, 2013 at 12:4 Comment(7)

how do we use this ? Can you give an example How do I call this in a logout method ? def /logout.html end – Manvell 22/6, 2013 at 0:49

@Manvell have a look at asp.net/mvc/tutorials/older-versions/controllers-and-routing/… for an introduction to ActionFilters. NB this approach would not be appropriate for requests that bypass the ASP.Net MVC processing pipeline (eg for static files). – Clareclarence 24/6, 2013 at 10:53

@RichO'Kelly I am using this over my Logout action method but it is not working and my method just clears the session and redirects to home page – Cent 3/3, 2016 at 17:51

@RichO'Kelly I have made it work and the action filter is getting executed but still after pressing back button i can access the previous page so i don't think the cache is getting cleared – Cent 4/3, 2016 at 4:43

@mohit Apologies for delay - missed your comments. The attribute needs to be applied to all the pages that are only accessible whilst logged in - applying it when the logout action is executed will have no effect. – Clareclarence 28/4, 2016 at 13:34

@RichO'Kelly Is there anyway to clear the cache while logging out – Cent 28/4, 2016 at 13:35

@mohit Not easily. Browsers cache things according to the HTTP headers that are in the response to a request. Those requests and responses have already been and gone by the time the user clicks logout. – Clareclarence 28/4, 2016 at 15:8

Use this code in the html page on which you need to control the back button.

$().ready(function() {
    if(document.referrer != 'http://localhost:8181/'){ 
        history.pushState(null, null, 'login');
        window.addEventListener('popstate', function () {
            history.pushState(null, null, 'login');
        });
    }
});

This code will block back button event. The if condition is for allowing the back button if the previous page is 'http://localhost:8181/'. Back button won't be working if the previous page is not 'http://localhost:8181/'. If you need to block all previous pages then avoid the if condition. The history.pushState statements will replace the url on the browser address bar to 'login'. So I recommend you to change 'login' with your page url.

Advantages of this method:-

No need to control the cache.
We could allow the back button event for specified previous pages and could block the rest.

Hoping my answer will help someone.

Heavierthanair answered 13/6, 2016 at 9:17 Comment(2)

Really useful. Thanks – Colville 16/3, 2017 at 8:23

Great help thanks, I had to include it into my Login Razor! Brilliant – Recessional 24/9, 2018 at 8:33

Disabling back button is not a right way to achieve your need. Instead you can add the following three tags in your html file, which takes care of clearing cache.

<META Http-Equiv="Cache-Control" Content="no-cache">
<META Http-Equiv="Pragma" Content="no-cache">
<META Http-Equiv="Expires" Content="0">

Insupportable answered 21/1, 2013 at 12:17 Comment(4)

in which html we have to put this one? – Detrain 23/11, 2016 at 13:52

Inside a html file which you don't want to cache. But if you are looking for a way not to cache any file at all, then you should update your server configuration to not to cache[in http header]. – Insupportable 23/11, 2016 at 15:18

is it possible to do it like that, when we reach a particular page, all cache should be deleted. like when we reach login page, all cache should be deleted. – Detrain 24/11, 2016 at 4:34

Server can control the cache time of the resources its sending to client from no-cache to 5 mins, 1 day, 1 week or according to your need. But forcing the browser to clear its cache is not possible from server side. – Insupportable 24/11, 2016 at 5:26

The easiest way I found is using OutputCache Attribute

[OutputCache(NoStore = true, Duration = 0, VaryByParam = "*")]
public class HomeController  : Controller
{
}

Grillwork answered 27/5, 2014 at 13:19 Comment(2)

do we have to use this on all controllers? – Detrain 23/11, 2016 at 13:52

Yes. But if you want it to set globally, then look at the selected answer above. – Grillwork 7/12, 2016 at 8:51

 <script language="JavaScript" type="text/javascript">
    window.history.forward();              
 </script>

Textile answered 6/6, 2016 at 9:20 Comment(0)

Please go through the article http://www.aspdotnet-suresh.com/2011/11/disable-browser-back-button.html . I used the javacript function provided by the author in my layout page to prevent back button issue , as i need to provide access to certain pages to all visitors of my website.

This solution worked for me in IE 11 and Chrome Version 43.0.2357.130 m.

Hope this helps.

Secrecy answered 4/7, 2015 at 5:15 Comment(0)

var url = window.history.forward();
window.history.go(-window.history.length);

Kingcraft answered 24/8, 2017 at 8:42 Comment(1)

You should probably add some explanation to your answer. Best regards – Kimberelykimberlee 24/8, 2017 at 9:3

If you want this for all your pages, you could write in your Global.asax:

protected void Application_BeginRequest()
{
Response.AddHeader("Cache-Control", "no-cache, no-store, must-revalidate");
Response.AddHeader("Pragma", "no-cache");
Response.AddHeader("Expires", "0");
}

This will not cache any page of your site.

Vagus answered 20/2, 2020 at 17:12 Comment(0)

-1

Please use this code in your Master Page Load Event.

if(!IsPostBack)
        {
            if (Session["LoginId"] == null)
                Response.Redirect("frmLogin.aspx");
            else
            {
                Response.ClearHeaders();
                Response.AddHeader("Cache-Control", "no-cache, no-store, max-age=0, must-revalidate");
                Response.AddHeader("Pragma", "no-cache");
                            }
        }

Hope it helps! :)

Referee answered 11/10, 2013 at 5:12 Comment(0)

Recommended topics

Hot tags