Hi,

After the user is signed out and taken to the login page, they can still use 
the back & history features in the browser to access pages. Every page 
(except login) has a check at the beginning to redirect the user after being 
logged out, but when the page is accessed via back button, the debugger 
doesn't stop at that code b/c the page is cached and is not generated at the 
server.

How can I make these pages disappear from the history?

Thank you in advance,

Richard

Hi Richard,
you have to turn off caching of your web pages on client browser. Put 
following directive <%@ OutputCache Location="None" VaryByParam="None" %> to 
each page you are securing by authentication so when client press back button 
it will force browser to request the page from server and to load it from 
cache.

You can also make caching profile in your web.config file and load profile 
in your pages, your settings will be centralized.

<system.web>
  <outputCacheSettings>
    <outputCacheProfiles>
      <add name="myProfile" location="None" VaryByParam="None" />
    </outputCacheProfiles>
  </outputCacheSettings>
</system.web>

Each page will refernce your profile by adding this directive:
<%@ OutputCache CacheProfile="myProfile" />

Best regards,
Ladislav

<

Regards,
Ladislav

"Richard" wrote:


> Hi,
> 
> After the user is signed out and taken to the login page, they can still use 
> the back & history features in the browser to access pages. Every page 
> (except login) has a check at the beginning to redirect the user after being 
> logged out, but when the page is accessed via back button, the debugger 
> doesn't stop at that code b/c the page is cached and is not generated at the 
> server.
> 
> How can I make these pages disappear from the history?
> 
> Thank you in advance,
> 
> Richard