I have some web froms (.aspx) in a folder called “Secure” and a web.config at the application root and the login.aspx.  Everything works fine, when I logout it is redirected to Login.aspx, but when I click back on the browser I can view the secured pages (this should not happen as I am already logout). How to get rid of this problem???

Web.config file at the application root:

<authentication mode="Forms">

      <forms loginUrl="login.aspx" slidingExpiration="true" timeout="2"/>

</authentication>

<authorization>

      <deny users="?"/>

</authorization>

Sign-Out button code:

FormsAuthentication.SignOut();

FormsAuthentication.RedirectToLoginPage();

HI,
IN MY BELOW POST HERE I SHOWED HOW YOU CAN DISABLE BROWSER BACK BUTTON.
http://shawpnendu.blogspot.com/2009/04/cross-browser-javascript-to-disable.html

HOPE IT WILL HELP YOU.

MARK AS ANSWER if its help you.

 Thanks Shawpnendu for your reply.

                                                     But its not working for me. Any other tips or references.???

Hi imran_amodi,

The problem is caused by the cache in client. To disable the client cache, please check this post.

Thanks.

 Thanks Wencui Qian,

                                   Sorry for late reply i was on leave.

Try this:

Response.Cache.SetExpires(DateTime.UtcNow.AddMinutes(-1));
Response.Cache.SetCacheability(HttpCacheability.NoCache);
Response.Cache.SetNoStore();

When ever back button will be clicked, it won't show the page as the page whon't be cached.

Refer below url to know more about the caching:

http://msdn.microsoft.com/en-us/library/w9s3a17d(VS.71).aspx

http://msdn.microsoft.com/en-us/kb/kb00323290.aspx

http://msdn.microsoft.com/en-us/library/hdxfb6cy.aspx

 Thanks Sumitd.