Problem:

User Logs out. 

User is redirected to signout page

User click back button. The previous page is displayed.

How is it possible to prevent the user from visiting the previous pages after logout ?

Reason:

The previous pages are cached in Browser. When u click the back button the pages are served directly from your browser cache instead of getting it from server.

Solutions:

Basically there are two different methods to solve this. 

1) Disable the cache. (More reliable and browser independent)

2) Javascript methods. (Browser dependent and javascript should be enabled)

Solution 1 : Disable the cache.

The foolproof solution is to prevent the page from being cached. This can be done with the following server-side script:

      Response.Cache.SetCacheability(HttpCacheability.NoCache);

       Response.Cache.SetNoStore(); 

Put the above code in the page load event of all the pages, which u need to prevent accessing after logout.

Note: If you want to disable the cache for your entire application, you can put the above code in Global.asax instead of putting it in all the pages. see the Global.asax code below.

Application_BeginRequest(object sender, EventArgs e)

    {

     Response.Cache.SetCacheability(HttpCacheability.NoCache);

      Response.Cache.SetNoStore();

    }

Advantage:  Works in all the browsers and in all the situations.

Disadvantage :  The page(including the resources like javascript files, images etc) has to be loaded each time a page is requested.  

When to use : 

1) If the application is in an intranet environment

2) If the data should be very secure. (Eg: Banking applications)

You can download a sample code  from here

Solution 2 :Using Javascript:

Using javascript methods, you cannot completely restrict the user from  going back to the previous location(but  you can make it harder) 

Method 1:

You can add code to the secure pages(the pages which the user should not be viewed after logged out) to force the browser to go forwards again: 

Place the below code in the head section of the pages which u need to prevent the user from accessing after logout.

<script language=”JavaScript”>

  window.history.forward(1);

</script>

Eg:

<head runat=”server”>

 <title>User Page</title>   

<script language=”JavaScript”>

   window.history.forward(1);

</script>

</head>

Note: The above method does not work in chrome.

Method 2 :

Place the following code in the head section of the page where you don’t want the user to revisit using the back button. 

<script type = “text/javascript” > 

   function preventBack(){window.history.forward();} 

    setTimeout(”preventBack()”, 0); 

    window.onunload=function(){null}; 

</script>

 

This code is based on the following article.

http://www.aspsnippets.com/post/2009/03/24/Disable-Browser-Back-Button-Functionality-using-JavaScript.aspx

Method 3: (Not recommended)

You can use the  location replace method when changing the location. This replaces the current history location with the new location. Some older browsers do not support this method, so test for document.images to check if  the browser support this propery.

<script language=”JavaScript”>

if (document.images) 

location.replace(’http://www.yoursite.com/yourpage.html’); 

else 

location.href = ‘ yourpage.html’; 

</script>

Note:

If you have any suggestions, please comment it below. I will be constantly updating this post based on your comments.