Ask a Question related to ASP.NET Security, Design and Development.
-
GMK #1
Browser Back button problem
Dear all
I'm having a probelm concerning the security of my application.
the problem is when a user is loggoed in and then he looged out i redirect
him to the main page of my appkication but if he clicks on the Browser's
"back button" he could then enter to the application.
i'm removing all sessions concerning the applcation on logout but i would
like to know how could i handle the "Back button click event" of the
browser"
Thanks in advance for your help/
GMK Guest
-
Disable back button in browser and X in top right
Has anyone ever seen code out there for disabling the back button or the close button? I don't want the user to be able to leave the flex app... -
How do I disable Back Button in Browser?
i get incredibly grumpy every time someone asks a question then they get bombarded with 'we have to think of the user' and 'u have no right to mess... -
Help with Frames and the Browser Back Button...
Hi all! I think that it isn't the first time you read this question (I think it is a FAQ)....however.... .... I have a 3-frame page: left, top... -
flash detection and browser 'Back' button problem...
Hello, One of my clients has asked me a difficult problem this week... how to set up his website so viewers can use their browser 'Back' button... -
Back button on the browser problem
Hi In my application I have a wizard and I have to make sure that user can't come back to previous page of the wizard. The problem is that is user... -
Scott M. #2 Re: Browser Back button problem
You can't handle the back button of the browser, since it is a client-side
event. There are some alternatives though...
You could check for a valid session on the page that could be "backed" into
and if there isn't redirect the user to the logged out page.
You could set the page being backed into to expire immediately, so that when
a user backs into it, they get a page expired message, rather than the page.
"GMK" <georgeskaddoum@yahoo.com> wrote in message
news:eiikkaNGFHA.3732@TK2MSFTNGP14.phx.gbl...> Dear all
> I'm having a probelm concerning the security of my application.
> the problem is when a user is loggoed in and then he looged out i redirect
> him to the main page of my appkication but if he clicks on the Browser's
> "back button" he could then enter to the application.
> i'm removing all sessions concerning the applcation on logout but i would
> like to know how could i handle the "Back button click event" of the
> browser"
>
> Thanks in advance for your help/
>
>
Scott M. Guest
-
Andy Fish #3 Re: Browser Back button problem
If the browser does not re-request the page when he uses the back button,
and simply displays the cached page, (IE does this with the default
settings) there is nothing you can do since no request is re-sent to the
server when he clicks back.
If the back button is requesting the page from the server and your app
thinks he is logged in, it seems you are not doing a very good job of
logging him out !! To log him out you should do this:
Session.Clear();
Session.Abandon();
FormsAuthentication.SignOut();
(assuming you are using forms authentication). Then when he clicks back, he
will just see the login page.
Andy
"GMK" <georgeskaddoum@yahoo.com> wrote in message
news:eiikkaNGFHA.3732@TK2MSFTNGP14.phx.gbl...> Dear all
> I'm having a probelm concerning the security of my application.
> the problem is when a user is loggoed in and then he looged out i redirect
> him to the main page of my appkication but if he clicks on the Browser's
> "back button" he could then enter to the application.
> i'm removing all sessions concerning the applcation on logout but i would
> like to know how could i handle the "Back button click event" of the
> browser"
>
> Thanks in advance for your help/
>
>
Andy Fish Guest
-
Nick Goloborodko #4 Re: Browser Back button problem
Hi,
I can see what you mean - but most likly this is the problem with the user's
end browser, and not your app. As i am coming from PHP background, it was
allways concidered a good programming style to disable any catching done by
the browser / proxy server in HIGH security applications. What normally
happens when the user presses back button is that the last page is brought
up by the browser without even sending a request to server.
However this generally can be fixed by using HTPP headers "Cache-Control:
no-cache, must-revalidate" and "Pragma: no-cache". Since i'm only
begginging ASP.NET i cannot help u with the name of the function that
manages HTTP headers in .NET, but i can assure u that there is one. Also,
do read more on Cache-Control: and Pragma: HTTP headers (Google it)
HTH
Nick Goloborodko
Nick Goloborodko Guest
-
Joerg Jooss #5 Re: Browser Back button problem
Nick Goloborodko wrote:
Which BTW is what the HTTP spec expects a browser to do.> Hi,
>
> I can see what you mean - but most likly this is the problem with the
> user's end browser, and not your app. As i am coming from PHP
> background, it was allways concidered a good programming style to
> disable any catching done by the browser / proxy server in HIGH
> security applications. What normally happens when the user presses
> back button is that the last page is brought up by the browser
> without even sending a request to server.
See System.Web.HttpCachePolicy or the @OutputCache directive.> However this generally can be fixed by using HTPP headers
> "Cache-Control: no-cache, must-revalidate" and "Pragma: no-cache".
> Since i'm only begginging ASP.NET i cannot help u with the name of
> the function that manages HTTP headers in .NET, but i can assure u
> that there is one. Also, do read more on Cache-Control: and Pragma:
> HTTP headers (Google it)
Cheers,
--
[url]http://www.joergjooss.de[/url]
mailto:news-reply@joergjooss.de
Joerg Jooss Guest
-
Adam K #6 Browser Back button problem
Dear all
I'm having a probelm concerning the security of my application.
the problem is when a user is loggoed in and then he looged out i redirect
him to the main page of my application but if he clicks on the Browser's
"back button" he could then enter to the application.
i'm removing all sessions concerning the applcation on logout but i would
like to know how could i handle the "Back button click event" of the
browser"
I know I can't handle the back button of the browser, since it is a
client-side
event.
If I disable cash ie, put
Response.Cache.SetCacheability(HttpCacheability.No Cache) in the
Page_Load event handler. This will help, but it will disable page caching.
The problem is that I need of page caching.
Thanks in advance for your help/
Adam K Guest
-
ferunic #7 Re: Browser Back button problem
Adam K wrote:Hi, I'm having the same problem too.> *Dear all
> I'm having a probelm concerning the security of my application.
> the problem is when a user is loggoed in and then he looged out i
> redirect
> him to the main page of my application but if he clicks on the
> Browser's
> "back button" he could then enter to the application.
> i'm removing all sessions concerning the applcation on logout but i
> would
> like to know how could i handle the "Back button click event" of the
> browser"
> I know I can't handle the back button of the browser, since it is a
> client-side
> event.
> If I disable cash ie, put
> Response.Cache.SetCacheability(HttpCacheability.No Cache) in the
> Page_Load event handler. This will help, but it will disable page
> caching.
> The problem is that I need of page caching.
>
>
> Thanks in advance for your help/ *
Did you find out how to solve it?
Regards, Fernando.
--
ferunic
------------------------------------------------------------------------
Posted via [url]http://www.codecomments.com[/url]
------------------------------------------------------------------------
ferunic Guest
Reply With QuoteSimilar Questions and Discussions
Posting Permissions
- You may not post new threads
- You may post replies
- You may not post attachments
- You may not edit your posts
