Using The Browser's Back Button After SignOut() Allows Access To Secure Page (MVC)

Jan 25, 2010

I have an MVC app that uses [Authorize] to protect the private bits. When I select the SignOut() URL it signs me out but if I hit the back button on my browser the it goes to the secure page and even lets me use the form. The action takes place and then it shows that I'm signed out. The problem is that it performs the secured action (inserting a row into my database). Then I can use the back button again and do it all over. If I use the back button after logging out and hit the browser refresh it does show I'm logged out and refuses me access to the secure page. Am I missing something important? It seems like it could be a really big security issue.

public ActionResult LogOff(string ReturnUrl)
{
FormsAuth.SignOut();
if (!String.IsNullOrEmpty(ReturnUrl))
{
return Redirect(ReturnUrl);
}
else
{
return RedirectToAction("Index", "Page");
}
}

View 3 Replies


Similar Messages:

Security :: FormsAuthentication.SignOut() Doesn't Work For Previous / Back Button?

May 13, 2010

I have a Default(contains the sign-out button) and Login page, once the user is not authenticated, it will always redirect the user to login page.

So the scenario is when the user hit the sign-out button it will redirect him to the login page which is good. My problem is, when the user hits theprevious or back button from the login page,it will still read the authorization cookies and redirect him to the default page. which should not be the case. the user should be redirected to login page when authentication is invalid.

I've read some solutions on the net, but still it doesn't work for me. below are the codes I've used for my sign-out function

[Code]....

By the way, when the user is authenticated, the previous or back button is available/enable for the user.

View 12 Replies

Open Another Page Using Back Button In Browser

Nov 12, 2010

From pageA, clicking a button to open pageB which display a crystal report. User can only use browser back button. How to open pageC from pageB? Can I add code in pageB close (if there is a page close event) or make back button in browser to open pageC instead of pageA?

View 2 Replies

Web Forms :: Open Another Page Using Back Button In Browser?

Nov 12, 2010

From pageA, clicking a button to open pageB which display a crystal report. User can only use browser back button. How to open pageC from pageB? Can I add code in pageB close (if there is a page close event) or make back button in browser to open pageC instead of pageA?

View 1 Replies

Web Forms :: How To Disable Browser Back Button In Index Page Or Login Page

Sep 25, 2012

am creating a web application in using c# with asp.net.

in that am using login page only as normal aspx page. other pages are using masterpage.

when i click logout button in masterpage. page will redirect to login page. after that if i click browser back button it was moving to previous page. how can i prevent this.

am using this following code in master page aspx page. And My log out button code is below.

<%if (!Page.User.Identity.IsAuthenticated)
{ %>
<script type = "text/javascript" >
function preventBack() { window.history.forward(); }
setTimeout("preventBack()", 0);
window.onunload = function() { null };
</script>
<%} %>

But exactly what i need is once if login page loaded or logged out then it wont go to previous page.

View 1 Replies

Web Forms :: Check To See If A Page Was Reached Through The Browser Back Button?

Feb 24, 2011

I have an application that posts to a form on a different page, on a different site. Everything works fine unless the user presses the back button.The way it'ssetup now, if th euser forgets their pin, they click alink which takes them to a popup window. The enter their info and then they're sent a new pin. Fine.However, I'm trying to account for all possible scenarios. What if the user forgets their pin, is taken to this other page, and then decides they remembered their pina nd presses the back button. They'll need to reload in order to be able to try to post again, otherwise the session variables I'm using to log them in won't reset (I reset some in the page load event).Is there anyway to detect whether the page was arrived at via the browser back button so that I can reload it?

View 2 Replies

Web Forms :: How To Remain On Same Page When Click On Back Button In Browser

Oct 30, 2012

I want to create a logout session in asp.net?

How to clear history?

When we click on back button it should stay on same only....

View 1 Replies

Web Forms :: When Click Browser Back Button / Page Ask Login Again

Mar 9, 2014

when i click a browser back button the page will be ask login again 

View 1 Replies

Clicking Browser Back Button Is Opening A Link In The Previous Page?

Apr 22, 2010

I am using the below code

[Code]....

In the page there are two links. When i click the first link it opens a window in a new page. I do this by using the above code.

I am clicking the second link in the page and navigating to another page. Now i am clicking the browser back button. Supprisingly its opening the first link.

How clicking back button is opening the link in the page. I am using c# .net 2005.

View 1 Replies

AJAX :: Page Load Is Not Called When Press Button Back(in Browser)?

Feb 13, 2010

I am using Ajax authentication service to login/logout users.And have 2 boxes one for logged users,another for any user.When user logged in he get loged in box,then go to another page,then press back,i have unlogged box.In Page_Load i check if (Reques.IsAuthenticated) then i change box on corresponding,in this case on Logged in box.But Page_Load is not called when i press button back(in browser) or backspace.

View 1 Replies

Javascript - If Users Press The Browser's Back Button To Reach The Prior Page Then Page Should Display A Message Like "web Page Expired"

Jul 23, 2010

if users press the browser's back button to reach the prior page..then page should display a message like "web page expired" in asp.net can i use javascript for this?

for example..

there are 4 pages in web sites. 1,2 and 3 can be back. but when the 4th page run then 4th page can not be back... when the user press browser's back button , diaplay ma message "weg page expired".

View 4 Replies

Security :: Sign Out Link / Click The Back Button On Browser, Still Go Back Into The Site?

Jun 24, 2010

I've created a Sign Out link on my page, just like the one you see on the top right hand corner of this forum.

This is the code i use :

<asp:HyperLink NavigateUrl="~/Login.aspx" ID="hypSignOut" runat="server" Text="Sign Out"></asp:HyperLink>

However, after signing out, I click the back button on my browser, I can still go back into the site. How do I prevent this?

View 3 Replies

Web Forms :: Prevent Back From Browser Back Button After Logout

Jul 25, 2013

When I click Logout page redirect to Login page but when click to browser arrow back then it will goes back, I want to after Logout cannot going to back page...

View 1 Replies

Web Forms :: On Logout Redirect User To Login Page If User Clicks Back Button Of The Browser

Jul 9, 2010

after user loggs out if he clicks the browsers back button then users had to be redirected to login page

doenst matter how many time the user clicks on back button take him to login page

how to achieve this let me know

View 6 Replies

Disable Browser Back Button Using C#.net?

Dec 9, 2010

Possible Duplicate: Disabling Back button on the browser i want to disable browser back button without using javascript function forward().because it remain on this page.

I want to totally disable browser back button like banking sites

send me code for that i need it

View 1 Replies

MVC :: Browser Back Button Working

May 20, 2010

I have an image that has an on-click function. That on-click function calls an action method in a controller passing some values from the page, using window.location.replace.

[Code]....

The controller then gets data from the repository and displays a "printer friendly html" page:

[Code]...

View 1 Replies

Web Forms :: Browser Back Button

Mar 9, 2014

When i Clicked a logout button the page will be close but the browser back button go to previous page how to solve this....

View 1 Replies

Web Forms :: Handling Browser Back Button?

Jan 12, 2010

Im using ASP.NET 2.0,C# for my web application development. I am having a login page and new user registration page. how to redirect to login page once user finishes his registration and clicks back button of browser. Registration page is container page using some master page..

View 7 Replies

Detect If Back Browser Button Pressed?

Dec 2, 2010

In my app, there is a grid that you can drill down. You can go back to prev view via some links but the back bowser button is not integrated to that, so that if you do hit the back browser button, it logs out of the app which I don't want. I would be happy if it would redirect to the first page. I think this part is what we need. [URL] this is the startpage.xaml, at the end there is the hyperlink - so maybe here I can see if the back browser is pressed ( there is no other place in the codes that would navigate out), and if this is pressed I can redirect to a different spot? Is this a sound idea and how do I check if this back browser has been pressed?

<HyperlinkButton Content="Logout"

View 1 Replies

How To Disable Back Button Browser History

Mar 26, 2010

I'm using 2 masterpages in my project.One master page is for login page and another one for the HomePage where user will go thro the options to reach other pages from home page..The thing is,i have "Logout" button in my home page.When i click on the logout button,the page will be redirected to "LoginPage.aspx". After redirecting to login page,when i click on browser back button,the previous page is displaying but it should not display to user since i'm doing sensitive transactions in all pages...

I tried using following code

Code:
Response.Expires = 0;
Response.Cache.SetNoStore();
Response.AppendHeader("Pragma", "no-cache");
Page.Response.Cache.SetCacheability(HttpCacheability.NoCache);

but it's not working...

View 8 Replies

VS 2008 Prevent Back Button On The Browser?

Jul 14, 2010

i just like to ask if you have any idea of preventing the Back button of the browser to navigate back to the previous page after a user log in.Ex:After a user successfully logged in to my website and he/she hit the Back button of the browser.I want this to not redirected to the previous page instead redirected to the same page which is my Main page.Also after a user logged out to my website and again he/she hit the Back button of the browser.I also want this to not redirected to the previous page instead redirected to my login page.

View 10 Replies

Web Forms :: Identifying Browser Back Button And New Tab?

May 10, 2010

How to recognize if user has come through browser back button in asp. net site

AS well how to identify if they have opened new tab in the same browser.

View 1 Replies

Web Forms :: Browser's Back Button And Cache?

Jan 11, 2010

Not sure if i'm posting in the right forum, if not, please move it...i have the following issue... I want to "disable" browser's back button. Seems it's not possible, but using cache.setcacheability and timing it, kinda disables the option of navigating back. I need this because in some pages of my webpage, i keep values in a Session variable so when a page loads, i need to check that variable, and, if navigating back, cant do that. I also "set cache to false" because if someone closes session, and i allow cache, someone else could handtype a url in that same pc and see the page without login (though if he/she tries to navigate through it will be kicked out because when loading a new page, i'll know that he/she is not logged) but i dont want to allow even that,

that's why cache is disabled. The problem is that loading over and over again my masterpage (header, footer, menu and stuff) is going to slow down the webpage, because every time there's a request, the page has to be sent again completely. So, is there something like a "mix" mode where i can allow cache just for a few things? If not, what's the best practice to achieve both things i'm trying: speed and security?

View 4 Replies

Security :: How To Disable Back Button Of Browser

Sep 17, 2010

i want to know how can i restrict any user to access any webpage after logging out

View 4 Replies

Web Forms :: How To Disable Browser Back Button

Jan 16, 2012

After user has logged out i am redirecting user to home.aspx and from here i do not want user to be able to go back using browser back button.. How can i do it? I used this code in javascript :

<script type="text/javascript">    javascript:window.history.forward(1);</script>

This does not work for me. In all pages i am using Master Pages..

View 1 Replies







Copyrights 2005-15 www.BigResource.com, All rights reserved