Web Forms :: Stop Users Users Using The Browser Back Button And Potentially Submitting An Old Version
Mar 25, 2011
I need to stop users users using the browser back button and potentially submitting an old version of a form.
I'm storing a guid in a session variable and also writing the value to a hidden form field and then checking the session value against the hidden field value if a user does try to navigate back and submit an old form.
If the form is submitted and the user wants to complete a new copy of the form then a new guid is generated both to the session and to the hidden form field. Now, if the user decides to hit the back button a few times to get the old form and tries to submit it again, the page checks the current guid in session against the guid stored in the form field and it finds a mismatch and prevents the form being submitted.
This works as expected in Chrome and Firefox, but in IE6, when the user hits the back button to view the old form, the new guid value appears in the hidden field of the old form! This means the user can submit the old form again, which we definitely do not want.
i m having problem with logout code in asp.net with c#. this logout code should end session, disable browser's back button and and if somebody try to login by paste the url of any user account page.i used this code in login page
if users press the browser's back button to reach the prior page..then page should display a message like "web page expired" in asp.net can i use javascript for this?
for example..
there are 4 pages in web sites. 1,2 and 3 can be back. but when the 4th page run then 4th page can not be back... when the user press browser's back button , diaplay ma message "weg page expired".
I am trying to prevent users from submitting ascii codes in a textbox using a RegularExpressionValidator.
This works fine and I am able to display an error.
However when the user clicks on another button on the page I get the "A potentially dangerous Request.Form value was detected from the client" error. Is there a way to prevent this?
We have a few scenarios which mean users can see other users data if they're on the same machine.
Scenario 1
Login User A Browse to forms with perosnal data Logout User A Login User B Either hit back button until you reach User A's personal data or.. Use browser history to jump directly to user A's personal data.
Scenario 2
Login User A Browse to forms with personal data Close browser New Browser, Use history to go directly to User A's data.
The 2nd one was caused by the browser displaying the page from its cache, so for that one, I added the following to the web.config..
[Code]....
[Code]....
which seems to do the trick, but I need to know how to fix the first part and whether the web.config changes are all that's needed to clear any cache.
When I click Logout page redirect to Login page but when click to browser arrow back then it will goes back, I want to after Logout cannot going to back page...
My testers have discovered that if you type free text into a file upload input then none of the buttons on the page work until that text is removed (so the page cannot be submitted).
I am able to replicate this with the following ASPX code (with no code behind):
(Note that I haven't bound any handlers to the page; despite this, the page is submitted when the submit button is clicked only if no text is entered into the upload text box)
Is there any way to prevent users from typing free text into a file upload control? It seems that this is only possible in IE - Firefox and Chrome natively prevent text from being entered into upload input fields.
I've seen solutions elsewhere which suggest hiding input and replacing it with a label / button combo, but this seems like it might cause more problems and work inconsistently across browsers.
I have a page, the user types in e-mail and then submits. The next page is a confirmed page - letting the user know that his -mail was entered. If you then click back, the forum will try to re-submit itself. Is there a way to stop this?
I have an asp.net web app that uses forms-based authentication, a SqlMembershipProvider (using an encrypted password format), and a SqlRoleProvider. I need to know if it's possible to administer the users (create new users, assign them to roles, etc.) from a windows application - the powers that be don't want any administrative functionality in the web app itself.
Here is the membership provider definition from web.config:
[code]....
So, obviously, I have a Sql Server database that contains the users and roles for the web app. I'd like to create a separate windows app that references the web app assembly, and use the configured MembershipProvider, RoleProvider, and machineKey to create users, assign users to roles, etc. If that's not possible, I can duplicate the configuration settings from web.config within the windows app. But I don't know how to do this either.
We have a simple SQL Server database with an ASP.NET front end.
I can easily update a record from my browser.
Another person cannot: he edits the field and hits the "update" button, but the change is not propagated to the database. The old value remains. He is using Internet Explorer. I checked the database, and his change is not propagated. There is no error thrown.
He WAS able to edit in May. Today he can't. but I can.
I can even update it with the Google Chrome browser.
We have implemented the ASP membership and roles..and we would like to display the users currently logged in and also display the number of users online so we can display that on the page. The list of users woudl only be available to our admins. BUt the number of users will show for everyone.
In my website I am maintaining log of users in which I am storing some user's information such as user machine IP umber,SessionId,UserName etc.and able to show the list of current and past users in webpage. I want to share and connect to browser session of any of the current users. Is it possible,if yes then how?
i have to implement a requirement that's kind of weird for web apps (intranet web app).
after an user login to the app, the user may press Ctrl + N to open the current page in a new window. this sounds perfectly normal except the business requirement is to prevent users from doing this. users must logoff before they can access to the app again with a different browser window/tab.
I have used Login Control + Change Password + Create User Wizard in my project. Everything is working fine. I want to know that how to get the List of Users and also to Update/Delete users.
I just realized after i created a test account i was not in any roles. Is there a way to automically add new users into the role Users? Have i missed this some where?
Im using ASP.NET 2.0,C# for my web application development. I am having a login page and new user registration page. how to redirect to login page once user finishes his registration and clicks back button of browser. Registration page is container page using some master page..
Not sure if i'm posting in the right forum, if not, please move it...i have the following issue... I want to "disable" browser's back button. Seems it's not possible, but using cache.setcacheability and timing it, kinda disables the option of navigating back. I need this because in some pages of my webpage, i keep values in a Session variable so when a page loads, i need to check that variable, and, if navigating back, cant do that. I also "set cache to false" because if someone closes session, and i allow cache, someone else could handtype a url in that same pc and see the page without login (though if he/she tries to navigate through it will be kicked out because when loading a new page, i'll know that he/she is not logged) but i dont want to allow even that,
that's why cache is disabled. The problem is that loading over and over again my masterpage (header, footer, menu and stuff) is going to slow down the webpage, because every time there's a request, the page has to be sent again completely. So, is there something like a "mix" mode where i can allow cache just for a few things? If not, what's the best practice to achieve both things i'm trying: speed and security?
After user has logged out i am redirecting user to home.aspx and from here i do not want user to be able to go back using browser back button.. How can i do it? I used this code in javascript :
