FormsAuthentication Logout not working RSS

• • Reply
  •  
  

  bshannon

  Member

  23 Points

  136 Posts

  FormsAuthentication Logout not working

  Oct 10, 2007 01:17 AM|LINK

  After logging out I can still go back to the previous page and view the secure page's content.  I need to stop this.  How do I do this?  Here's my code...

  Login page:
                      FormsAuthentication.SetAuthCookie(Request.Form["Username"], false);
                      Response.Redirect("ClientMain.aspx");
  
  

  Secure Page:

                      if (User.Identity.IsAuthenticated) {}

  Logout Page:

                      FormsAuthentication.SignOut();
                      Session.Abandon();
                      Response.Redirect("Default.aspx");
  
   

• • Reply
  •  
  

  ziqbalbh

  Contributor

  2282 Points

  361 Posts

  Re: FormsAuthentication Logout not working

  Oct 10, 2007 05:55 AM|LINK

  Hi,

  Sometime this happens, then you will have to manually set the expiration date on authentication cookie using below.

  Response.Cookies[System.Web.Security.FormsAuthentication.FormsCookieName].Expires =  DateTime.Now.AddMonths(24)

  Zafar Iqbal
  http://ziqbalbh.com
  
  ** Please mark as ANSWER if my reply helped you
• • Reply
  •  
  

  bshannon

  Member

  23 Points

  136 Posts

  Re: FormsAuthentication Logout not working

  Oct 10, 2007 01:52 PM|LINK

   Ok, if I logout, get redirected, then hit the back button I am able to view the contents of the secure page.  If I hit the refresh button on that secure page after logging out it redirects me to the login page.  Is it possible to Authenticate a user when they hit the back button and go back to the secure page?
  

• • Reply
  •  
  

  bshannon

  Member

  23 Points

  136 Posts

  Re: FormsAuthentication Logout not working

  Oct 10, 2007 06:03 PM|LINK

  I tried using META tags and setting 'no-cache', but it still does it.  How can I force the page to authenticate the user EVERY time the page is visited? 

• • Reply
  •  
  

  lspence

  Star

  11331 Points

  1686 Posts

  Re: FormsAuthentication Logout not working

  Oct 10, 2007 06:37 PM|LINK

  In your Secure Page try adding the following to it's Page_Load:

  Response.AddHeader("pragma", "no-cache");
  
  Response.AddHeader("cache-control", "private");
  
  Response.CacheControl = "no-cache";
  
  Response.Cache.SetExpires(DateTime.Now.AddMinutes(-1));
  
  Response.Cache.SetCacheability(HttpCacheability.NoCache);
  
  Response.Cache.SetNoStore();
  

  Also add the following to your Secure Page's html in between your <head></head> tags.
  
  <script language="javascript" type="text/javascript">
       function prevent_previous_page_return()
       {
           window.history.forward();
       }
  </script>
  Finally call the JavaScript function in the <body> tag. 
  <body onload="prevent_previous_page_return()"> 

  My Blog
  http://Lspence.blogspot.com
  
  (Please MARK this post as ANSWERED, if you find it helpful)
• • Reply
  •  
  

  bshannon

  Member

  23 Points

  136 Posts

  Re: FormsAuthentication Logout not working

  Oct 10, 2007 06:52 PM|LINK

  Perfect!  Thank you! 

• • Reply
  •  
  

  lspence

  Star

  11331 Points

  1686 Posts

  Re: FormsAuthentication Logout not working

  Oct 10, 2007 07:11 PM|LINK

  Your welcome. [:)]
  

  My Blog
  http://Lspence.blogspot.com
  
  (Please MARK this post as ANSWERED, if you find it helpful)
• • Reply
  •  
  

  NaveenRKartha

  Member

  2 Points

  1 Post

  Re: FormsAuthentication Logout not working

  Aug 26, 2008 07:34 AM|LINK

  try thi in logout form

  Response.Write("<script>parent.location='/myAppl/login.aspx'</script>");

• • Reply
  •  
  

  macupryk

  Member

  716 Points

  351 Posts

  Re: FormsAuthentication Logout not working

  Dec 11, 2008 06:55 PM|LINK

  Can u put this in global.asax

  Thank you!
• • Reply
  •  
  

  aghdennis

  Member

  2 Points

  7 Posts

  Re: FormsAuthentication Logout not working

  Jul 11, 2010 01:18 AM|LINK

  so glad i met this reply. thank you soooo much