Professional Web Applications Themes

Browser Back button problem - ASP.NET Security

Dear all I'm having a probelm concerning the security of my application. the problem is when a user is loggoed in and then he looged out i redirect him to the main page of my appkication but if he clicks on the Browser's "back button" he could then enter to the application. i'm removing all sessions concerning the applcation on logout but i would like to know how could i handle the "Back button click event" of the browser" Thanks in advance for your help/...

  1. #1

    Default Browser Back button problem

    Dear all
    I'm having a probelm concerning the security of my application.
    the problem is when a user is loggoed in and then he looged out i redirect
    him to the main page of my appkication but if he clicks on the Browser's
    "back button" he could then enter to the application.
    i'm removing all sessions concerning the applcation on logout but i would
    like to know how could i handle the "Back button click event" of the
    browser"

    Thanks in advance for your help/


    GMK Guest

  2. #2

    Default Re: Browser Back button problem

    You can't handle the back button of the browser, since it is a client-side
    event. There are some alternatives though...

    You could check for a valid session on the page that could be "backed" into
    and if there isn't redirect the user to the logged out page.

    You could set the page being backed into to expire immediately, so that when
    a user backs into it, they get a page expired message, rather than the page.

    "GMK" <georgeskaddoum> wrote in message
    news:eiikkaNGFHA.3732TK2MSFTNGP14.phx.gbl...
    > Dear all
    > I'm having a probelm concerning the security of my application.
    > the problem is when a user is loggoed in and then he looged out i redirect
    > him to the main page of my appkication but if he clicks on the Browser's
    > "back button" he could then enter to the application.
    > i'm removing all sessions concerning the applcation on logout but i would
    > like to know how could i handle the "Back button click event" of the
    > browser"
    >
    > Thanks in advance for your help/
    >
    >

    Scott M. Guest

  3. #3

    Default Re: Browser Back button problem

    If the browser does not re-request the page when he uses the back button,
    and simply displays the cached page, (IE does this with the default
    settings) there is nothing you can do since no request is re-sent to the
    server when he clicks back.

    If the back button is requesting the page from the server and your app
    thinks he is logged in, it seems you are not doing a very good job of
    logging him out !! To log him out you should do this:

    Session.Clear();
    Session.Abandon();
    FormsAuthentication.SignOut();

    (assuming you are using forms authentication). Then when he clicks back, he
    will just see the login page.

    Andy

    "GMK" <georgeskaddoum> wrote in message
    news:eiikkaNGFHA.3732TK2MSFTNGP14.phx.gbl...
    > Dear all
    > I'm having a probelm concerning the security of my application.
    > the problem is when a user is loggoed in and then he looged out i redirect
    > him to the main page of my appkication but if he clicks on the Browser's
    > "back button" he could then enter to the application.
    > i'm removing all sessions concerning the applcation on logout but i would
    > like to know how could i handle the "Back button click event" of the
    > browser"
    >
    > Thanks in advance for your help/
    >
    >

    Andy Fish Guest

  4. #4

    Default Re: Browser Back button problem

    Hi,

    I can see what you mean - but most likly this is the problem with the user's
    end browser, and not your app. As i am coming from PHP background, it was
    allways concidered a good programming style to disable any catching done by
    the browser / proxy server in HIGH security applications. What normally
    happens when the user presses back button is that the last page is brought
    up by the browser without even sending a request to server.

    However this generally can be fixed by using HTPP headers "Cache-Control:
    no-cache, must-revalidate" and "Pragma: no-cache". Since i'm only
    begginging ASP.NET i cannot help u with the name of the function that
    manages HTTP headers in .NET, but i can assure u that there is one. Also,
    do read more on Cache-Control: and Pragma: HTTP headers (Google it)

    HTH
    Nick Goloborodko
    Nick Goloborodko Guest

  5. #5

    Default Re: Browser Back button problem

    Nick Goloborodko wrote:
    > Hi,
    >
    > I can see what you mean - but most likly this is the problem with the
    > user's end browser, and not your app. As i am coming from PHP
    > background, it was allways concidered a good programming style to
    > disable any catching done by the browser / proxy server in HIGH
    > security applications. What normally happens when the user presses
    > back button is that the last page is brought up by the browser
    > without even sending a request to server.
    Which BTW is what the HTTP spec expects a browser to do.
    > However this generally can be fixed by using HTPP headers
    > "Cache-Control: no-cache, must-revalidate" and "Pragma: no-cache".
    > Since i'm only begginging ASP.NET i cannot help u with the name of
    > the function that manages HTTP headers in .NET, but i can assure u
    > that there is one. Also, do read more on Cache-Control: and Pragma:
    > HTTP headers (Google it)
    See System.Web.HttpCachePolicy or the OutputCache directive.

    Cheers,
    --
    [url]http://www.joergjooss.de[/url]
    mailto:news-replyjoergjooss.de
    Joerg Jooss Guest

  6. #6

    Default Browser Back button problem

    Dear all
    I'm having a probelm concerning the security of my application.
    the problem is when a user is loggoed in and then he looged out i redirect
    him to the main page of my application but if he clicks on the Browser's
    "back button" he could then enter to the application.
    i'm removing all sessions concerning the applcation on logout but i would
    like to know how could i handle the "Back button click event" of the
    browser"
    I know I can't handle the back button of the browser, since it is a
    client-side
    event.
    If I disable cash ie, put
    Response.Cache.SetCacheability(HttpCacheability.No Cache) in the
    Page_Load event handler. This will help, but it will disable page caching.
    The problem is that I need of page caching.


    Thanks in advance for your help/


    Adam K Guest

  7. #7

    Default Re: Browser Back button problem


    Adam K wrote:
    > *Dear all
    > I'm having a probelm concerning the security of my application.
    > the problem is when a user is loggoed in and then he looged out i
    > redirect
    > him to the main page of my application but if he clicks on the
    > Browser's
    > "back button" he could then enter to the application.
    > i'm removing all sessions concerning the applcation on logout but i
    > would
    > like to know how could i handle the "Back button click event" of the
    > browser"
    > I know I can't handle the back button of the browser, since it is a
    > client-side
    > event.
    > If I disable cash ie, put
    > Response.Cache.SetCacheability(HttpCacheability.No Cache) in the
    > Page_Load event handler. This will help, but it will disable page
    > caching.
    > The problem is that I need of page caching.
    >
    >
    > Thanks in advance for your help/ *
    Hi, I'm having the same problem too.
    Did you find out how to solve it?
    Regards, Fernando.



    --
    ferunic
    ------------------------------------------------------------------------
    Posted via [url]http://www.codecomments.com[/url]
    ------------------------------------------------------------------------

    ferunic Guest

Similar Threads

  1. Disable back button in browser and X in top right
    By nrutter in forum Macromedia Flex General Discussion
    Replies: 1
    Last Post: May 20th, 06:15 PM
  2. How do I disable Back Button in Browser?
    By [-e-] Alas in forum Macromedia ColdFusion
    Replies: 8
    Last Post: March 22nd, 03:32 AM
  3. Help with Frames and the Browser Back Button...
    By M. Magistri in forum Macromedia Dynamic HTML
    Replies: 1
    Last Post: April 8th, 12:27 PM
  4. flash detection and browser 'Back' button problem...
    By Rob in forum Macromedia Flash Sitedesign
    Replies: 0
    Last Post: February 4th, 05:49 AM
  5. Back button on the browser problem
    By shimonsim@talamus.com in forum ASP.NET General
    Replies: 3
    Last Post: June 29th, 12:26 PM

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139