Re: FormsAuthentication client-side problem
From: Marcio Kleemann (notavailable)
Date: 05/28/04
- Next message: Tony Wright: "Switching between http and https popping up a login box"
- Previous message: Joe Kaplan \(MVP - ADSI\): "Re: Getting a list of roles"
- In reply to: Wes Henderson: "Re: FormsAuthentication client-side problem"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Thu, 27 May 2004 16:01:28 -0700
That did it - thanks!
"Wes Henderson" <wes1024@hotmail.com.nospam> wrote in message
news:%236cKE35QEHA.3748@TK2MSFTNGP09.phx.gbl...
> Marcio,
>
> Try this in your Page_Load:
>
> Response.Cache.SetCacheability(HttpCacheability.NoCache);
>
> --
> Regards,
> Wes Henderson
>
> In order to help everyone, please direct all replies to this newsgroup.
> This posting is my personal effort to provide help and is not on behalf of
> any company.
> Also, this posting is provided "AS IS" with no expressed or implied
> warranties.
>
> "Marcio Kleemann" <notavailable> wrote in message
> news:%23lcWvF3QEHA.624@TK2MSFTNGP11.phx.gbl...
> > I'm using FormsAuthentication to secure access to a web site. The
> > authentication process works correctly initially. The pages on the site
> have
> > a "logout" button, which basically call FormsAuthentication.SignOut()
and
> > redirect the user to the login page.
> >
> > The problem is that after the user logs out, if they were to use their
> > browser's "Back" button (or even enter the url to the page directly on
the
> > browser), they are allowed into that page. This is probably because the
> > browser is simply re-rendering the page without going back to the server
> > (I've verified that it does not go back to the server by placing a
> > breakpoint on page_load). Interestingly enough, if you enter a url for a
> > page on that web site that was not navigated to while the user had been
> > authenticated, then it correctly kicks them to the login page. But any
> page
> > that was visited during the authenticated session continues to be
> available
> > on that browser even after SignOut.
> >
> > Since this needs to be solved on the client side, I'm trying to
implement
> > something using the client's onload event, which is raised every time
the
> > browser renders the page (whether through Back button, etc). But the
> problem
> > is that with client-side scripting like javascript or vbscript I don't
> have
> > access to session variables and such - which I could otherwise use to
> > indicate that the user is no longer authenticated. So I'm at a loss as
to
> > how to handle this.
> >
> > If someone has dealt with this before, I'd much appreciate pointing me
in
> > the right direction.
> >
> > Thanks
> >
> >
>
>
- Next message: Tony Wright: "Switching between http and https popping up a login box"
- Previous message: Joe Kaplan \(MVP - ADSI\): "Re: Getting a list of roles"
- In reply to: Wes Henderson: "Re: FormsAuthentication client-side problem"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
