Disabling the Back Button of IE

[shahab]

I have a problem in destroying the sessions:

In Admin part of a site I need to destroy the session ,Because when the user press the Back button of IE he/she can go to the pages that should not!I mean that the admin part must be one-way not two way. :)

The user mustn't be able to go back.

So is that clear? :D

Now the correct way can be a javascript in ASP.NET!

Philosophy :-\ :in any page if the user pressed the back button of IE the javascript client code empty the usename session so the session Expired message will be shown!But the user must be able to continue his way in the Direct path!

What should I programm? :rolleyes:

[Derek Stone]

You can add the following meta tags to your Web page, however there is no way of ensuring what you want to do.

<meta http-equiv="pragma" content="no-cache" />
<meta http-equiv="no-cache" content="no-cache" />
<meta http-equiv="expires" content="-1" />
<meta http-equiv="cache-control" content="no-cache" />

[shahab]

What I want to do is sth like Yahoo Mail!It is so clear!But wh there is no way to ensuring? :confused:

Casual msg u hase seen it many times :

Warning: Page has Expired The page you requested was created using information you submitted in a form. This page is no longer available. As a security precaution, Internet Explorer does not automatically resubmit your information for you.

 

To resubmit your information and view this Web page, click the Refresh button

:rolleyes: Edited March 7, 2004 by shahab

[shahab]

unfortunately the code u told does not work as my demand!

I can press back to whole pages and explore backward!

Help.How the yahoo does?

[fadi]

i've been in the same problem and couldnt find a solution, and no body did provide one

[samsmithnz]

You need to check the session at the beginning of a page load to see if its a current session. I guess you'd have to come up with a new session variable for each new page.

 

Disabling the back button is impossible as far as I know. The most you can do is open the application in a new window without the toolbar, but people can still use keyboard shortcuts (Backspace). This is standard in most web apps.

[AdrenalineX]

For simplicity's sake, let's say you have 3 pages (login.aspx, secure.aspx, and logout.aspx).

 

Add a runat=server button to login.aspx with the following in the _Click Sub:

Session("test") = "test"

Server.Transfer("secure.aspx")

 

In secure.aspx, you will simply check for the session value in the Page_Load Sub:

If Session("test") <> "test" Then

Server.Transfer("logout.aspx")

End If

 

Add a runat=server button to secure.aspx to allow for logging out with the following in the _Click Sub:

Session.Abandon()

Server.Transfer("logout.aspx")

 

Add some text to logout.aspx so that you can easily see you were transferred.

 

If you go through the pages (click the login button on login.aspx and then the logout button on secure.aspx) you will find that you cannot simply hit the back button in IE and view secure.aspx.

 

That was a very simplified example, but hopefully points you in the right direction.

 

Good luck,

AdrenalineX

[WebJumper]

You can do a trick to disable the back-button:

 

Open each page in a new window and in the options of window.open() function set the target to _self, so the iw-window is the same but the history is cleared...

 

After postback of any button or something you have to do the same:

E.g.: window.open(window.location, _self, "");

 

Maybe it works for your prob.

 

Regards, Stefan

[Derek Stone]

All of these are cheap hacks for lack of better phrasing. In reality you shouldn't be messing with the user's history. That is there choice.

[shahab]

So many Thanks to all :D :-\