How to prevent a user from returning to the login page after a successful login using the "Back" button

I am working on an MVC3 application and got into a login security issue. The scenario is when the user logs in with his username and password, if it is correct, he will be redirected to his home page.

But if they click the browser button, they will return to the login page, which, in my case, I do not want. This is the same as Facebook, Gmail, etc., where, as soon as the user logs in with their credentials, they cannot return to the login page simply by clicking the back button of the browser.

+4
3 answers

You can use JavaScript that checks the cookie that you give after a successful login. The JS will check on page load and redirect to the page without logging in if the cookie exists. There are other ways to do this, as described in: here

+6

You need to give out cache and headers; this is what I use:

```aspx
<%
    HttpContext.Current.Response.Cache.SetAllowResponseInBrowserHistory(false);
    HttpContext.Current.Response.Cache.SetCacheability(HttpCacheability.NoCache);
    HttpContext.Current.Response.Cache.SetExpires(DateTime.UtcNow.AddDays(-1));
    HttpContext.Current.Response.Cache.SetValidUntilExpires(false);
    HttpContext.Current.Response.Cache.SetRevalidation(HttpCacheRevalidation.AllCaches);
    HttpContext.Current.Response.Cache.SetNoStore();
    Response.Cache.SetExpires(DateTime.Now);
    System.Web.HttpContext.Current.Response.AddHeader("Pragma", "no-cache");
    Response.Cache.SetValidUntilExpires(true);
    Response.Buffer = true;
    Response.ExpiresAbsolute = DateTime.Now.Subtract(new TimeSpan(1, 0, 0, 0));
    Response.Expires = 0;
    Response.CacheControl = "no-cache";
    Response.Cache.SetExpires(DateTime.UtcNow.AddYears(-4));
    Response.ExpiresAbsolute = DateTime.Now.Subtract(new TimeSpan(1, 0, 0, 0));
    Response.AppendHeader("Pragma", "no-cache");
    Response.Cache.AppendCacheExtension("must-revalidate, proxy-revalidate, post-check=0, pre-check=0");
%>
<script language="javascript" type="text/javascript">
    window.onbeforeunload = function () {
        // This function does nothing. It won't spawn a confirmation dialog
        // But it will ensure that the page is not cached by the browser.
    }
</script>
```

Add this to the page title, and the next time the user tries to return, he will request a new page load.

+1
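A server-side way to get the behaviour the question asks for, added here as an example (it is not code from the question or from any of the answers): the login action is marked non-cacheable so "Back" forces a fresh request, and that request is redirected when the user is already authenticated. `AnonymousOnlyAttribute`, `AccountController` and the `Home`/`Index` target are assumed names, and forms authentication with a membership provider is assumed.

```csharp
using System;
using System.Web;
using System.Web.Mvc;
using System.Web.Routing;
using System.Web.Security;

// Hypothetical filter (name is an assumption): keeps the login page out of the
// browser cache and sends already-authenticated users to their home page.
public class AnonymousOnlyAttribute : ActionFilterAttribute
{
    public override void OnActionExecuting(ActionExecutingContext filterContext)
    {
        HttpContextBase ctx = filterContext.HttpContext;

        // No cached copy means the "Back" button has to ask the server again.
        ctx.Response.Cache.SetCacheability(HttpCacheability.NoCache);
        ctx.Response.Cache.SetNoStore();
        ctx.Response.Cache.SetExpires(DateTime.UtcNow.AddDays(-1));

        // The decision is made on the server from the authenticated identity,
        // so it does not depend on script being able to read a cookie.
        if (ctx.Request.IsAuthenticated)
        {
            filterContext.Result = new RedirectToRouteResult(
                new RouteValueDictionary(new { controller = "Home", action = "Index" }));
        }
    }
}

public class AccountController : Controller
{
    [AnonymousOnly]
    public ActionResult Login()
    {
        return View();
    }

    [HttpPost, AnonymousOnly]
    public ActionResult Login(string userName, string password)
    {
        if (Membership.ValidateUser(userName, password))
        {
            FormsAuthentication.SetAuthCookie(userName, false);
            return RedirectToAction("Index", "Home"); // redirect after POST
        }
        ModelState.AddModelError("", "The user name or password is incorrect.");
        return View();
    }
}
```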

You can try this link to disable the back button in a browser in ASP.NET:

Disable browser button using ASP.NET Javascript

0

Source: https://habr.com/ru/post/1493889/

