Logout still access to authorize page when click on browser back button
Question
I have a Login and Logout method with remember me. After Logout from 'index' page(authorized), I can still go back to 'index' with browser's(chrome) back arrow. Is this because of remember me? How can I totally logout from my website?
This happens even Remember Me is checked or not checked. I tried clearing browser cache and history.
[HttpPost]
public ActionResult Login(LoginModel loginModel)
{
User user = db.Users.Where(u => u.Username.Equals(loginModel.Username) && u.Password.Equals(loginModel.Password)).FirstOrDefault();
if (user != null)
{
FormsAuthentication.SetAuthCookie(user.UserPkID.ToString(), loginModel.RememberMe);
return RedirectToAction("Index", "Home");
}
else
{
return View();
}
}
[HttpGet]
public ActionResult Logout()
{
FormsAuthentication.SignOut();
return RedirectToAction("Login");
}
2 answers
solution1
0 2019-09-16 04:35:03
No this is not because of remember me.
you must push your url in pushState and clean the browser history:
try this :
$(document).ready(function() {
window.history.pushState(null, "", window.location.href);
window.onpopstate = function() {
window.history.pushState(null, "", window.location.href);
};
});
check here: Disable Back Button in Browser using jquery?
solution2
-1 ACCPTED 2019-09-16 05:19:42
Add this block inside your Global.asax after Application_Start() function inside public class MvcApplication : System.Web.HttpApplication{}
public class MvcApplication : System.Web.HttpApplication
{
// Application_Start() and other functions
protected void Application_BeginRequest()
{
Response.Cache.SetCacheability(HttpCacheability.NoCache);
Response.Cache.SetExpires(DateTime.UtcNow.AddHours(-1));
Response.Cache.SetNoStore();
}
}
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.