
How to prevent user from going back to the login-page after successful login using back button

I am working on an MVC3 application and am stuck with a login security issue. The scenario is: when a user logs in with his/her username and password, if correct, he/she will be redirected to their homepage.

But if they click the browser back button, they go back to the login page, which in my case I do not want. It's the same as Facebook, Gmail, etc., where once a user logs in with his/her credentials, they cannot go back to the login page simply by clicking the back button of the browser.

You can use JavaScript that checks for a cookie you'll give after successful login. The JS will check it on page load and redirect to a non-login page if the cookie exists. There are also other methods to do that, as described in: here
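
The cookie check described in the answer above, as an added example that is not part of the original post: the login page reads a non-secret marker cookie and, if it is present, replaces itself with the home page. The cookie name `logged_in` and the URL `/Home` are assumptions; the real session cookie should stay HttpOnly, and the server still has to enforce authentication on every request.

```javascript
// Added example. LOGGED_IN_MARKER and HOME_URL are assumed names, not from the post.
// The marker is a non-secret, script-readable cookie the server sets next to the
// real session cookie, which stays HttpOnly and is therefore invisible to script.
const LOGGED_IN_MARKER = 'logged_in';
const HOME_URL = '/Home';

// Return the raw value of a named cookie from a document.cookie-style string,
// or null when no cookie with exactly that name is present.
function readCookie(cookieString, name) {
  for (const part of String(cookieString || '').split(';')) {
    const eq = part.indexOf('=');
    if (eq === -1) continue;
    // Exact name match, so "not_logged_in" is never mistaken for "logged_in".
    if (part.slice(0, eq).trim() === name) {
      return part.slice(eq + 1).trim();
    }
  }
  return null;
}

// Decide where the login page should send the visitor; null means "stay here".
function loginPageRedirect(cookieString) {
  return readCookie(cookieString, LOGGED_IN_MARKER) === '1' ? HOME_URL : null;
}

// Browser wiring: skipped when the file is run outside a browser (e.g. under Node).
if (typeof window !== 'undefined') {
  // pageshow also fires when Back restores the page from the back/forward cache,
  // a case in which a plain load handler does not run again.
  window.addEventListener('pageshow', function () {
    const target = loginPageRedirect(document.cookie);
    // replace() swaps the login page out of session history, so Back skips it.
    if (target) window.location.replace(target);
  });
}
```

This is a convenience redirect only: anyone can set or delete the marker cookie, so it must never be treated as proof of authentication.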

You need to expire cache and headers; here is what I use:

  <% HttpContext.Current.Response.Cache.SetAllowResponseInBrowserHistory(false);
   HttpContext.Current.Response.Cache.SetCacheability(HttpCacheability.NoCache);
   HttpContext.Current.Response.Cache.SetExpires(DateTime.UtcNow.AddDays(-1));
   HttpContext.Current.Response.Cache.SetValidUntilExpires(false);
   HttpContext.Current.Response.Cache.SetRevalidation(HttpCacheRevalidation.AllCaches);
   HttpContext.Current.Response.Cache.SetNoStore();
   Response.Cache.SetExpires(DateTime.Now);
   System.Web.HttpContext.Current.Response.AddHeader("Pragma", "no-cache");
   Response.Cache.SetValidUntilExpires(true);
   Response.Buffer = true;
   Response.ExpiresAbsolute = DateTime.Now.Subtract(new TimeSpan(1, 0, 0, 0));
   Response.Expires = 0;
   Response.CacheControl = "no-cache";
   Response.Cache.SetExpires(DateTime.UtcNow.AddYears(-4)); 
   Response.ExpiresAbsolute = DateTime.Now.Subtract(new TimeSpan(1, 0, 0, 0));
   Response.AppendHeader("Pragma", "no-cache");
   Response.Cache.AppendCacheExtension("must-revalidate, proxy-revalidate, post-check=0, pre-check=0");
%>  
<script language="javascript" type="text/javascript">
    window.onbeforeunload = function () {
        // This function does nothing.  It won't spawn a confirmation dialog   
        // But it will ensure that the page is not cached by the browser.
    }  
</script>

Add this to the page head, and the next time the user tries to go back it will request a new page load.

You can try this link to disable the back button on the browser in ASP.NET:

Disable Browser Back Button Using Javascript ASP.NET
