Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Programming > ASP .Net > ASP .Net Security > FormsAuthentication client-side problem

Reply
Thread Tools

FormsAuthentication client-side problem

 
 
Marcio Kleemann
Guest
Posts: n/a
 
      05-26-2004
I'm using FormsAuthentication to secure access to a web site. The
authentication process works correctly initially. The pages on the site have
a "logout" button, which basically call FormsAuthentication.SignOut() and
redirect the user to the login page.

The problem is that after the user logs out, if they were to use their
browser's "Back" button (or even enter the url to the page directly on the
browser), they are allowed into that page. This is probably because the
browser is simply re-rendering the page without going back to the server
(I've verified that it does not go back to the server by placing a
breakpoint on page_load). Interestingly enough, if you enter a url for a
page on that web site that was not navigated to while the user had been
authenticated, then it correctly kicks them to the login page. But any page
that was visited during the authenticated session continues to be available
on that browser even after SignOut.

Since this needs to be solved on the client side, I'm trying to implement
something using the client's onload event, which is raised every time the
browser renders the page (whether through Back button, etc). But the problem
is that with client-side scripting like javascript or vbscript I don't have
access to session variables and such - which I could otherwise use to
indicate that the user is no longer authenticated. So I'm at a loss as to
how to handle this.

If someone has dealt with this before, I'd much appreciate pointing me in
the right direction.

Thanks


 
Reply With Quote
 
 
 
 
Wes Henderson
Guest
Posts: n/a
 
      05-27-2004
Marcio,

Try this in your Page_Load:

Response.Cache.SetCacheability(HttpCacheability.No Cache);

--
Regards,
Wes Henderson

In order to help everyone, please direct all replies to this newsgroup.
This posting is my personal effort to provide help and is not on behalf of
any company.
Also, this posting is provided "AS IS" with no expressed or implied
warranties.

"Marcio Kleemann" <notavailable> wrote in message
news:%(E-Mail Removed)...
> I'm using FormsAuthentication to secure access to a web site. The
> authentication process works correctly initially. The pages on the site

have
> a "logout" button, which basically call FormsAuthentication.SignOut() and
> redirect the user to the login page.
>
> The problem is that after the user logs out, if they were to use their
> browser's "Back" button (or even enter the url to the page directly on the
> browser), they are allowed into that page. This is probably because the
> browser is simply re-rendering the page without going back to the server
> (I've verified that it does not go back to the server by placing a
> breakpoint on page_load). Interestingly enough, if you enter a url for a
> page on that web site that was not navigated to while the user had been
> authenticated, then it correctly kicks them to the login page. But any

page
> that was visited during the authenticated session continues to be

available
> on that browser even after SignOut.
>
> Since this needs to be solved on the client side, I'm trying to implement
> something using the client's onload event, which is raised every time the
> browser renders the page (whether through Back button, etc). But the

problem
> is that with client-side scripting like javascript or vbscript I don't

have
> access to session variables and such - which I could otherwise use to
> indicate that the user is no longer authenticated. So I'm at a loss as to
> how to handle this.
>
> If someone has dealt with this before, I'd much appreciate pointing me in
> the right direction.
>
> Thanks
>
>



 
Reply With Quote
 
 
 
 
Marcio Kleemann
Guest
Posts: n/a
 
      05-27-2004
That did it - thanks!

"Wes Henderson" <(E-Mail Removed)> wrote in message
news:%(E-Mail Removed)...
> Marcio,
>
> Try this in your Page_Load:
>
> Response.Cache.SetCacheability(HttpCacheability.No Cache);
>
> --
> Regards,
> Wes Henderson
>
> In order to help everyone, please direct all replies to this newsgroup.
> This posting is my personal effort to provide help and is not on behalf of
> any company.
> Also, this posting is provided "AS IS" with no expressed or implied
> warranties.
>
> "Marcio Kleemann" <notavailable> wrote in message
> news:%(E-Mail Removed)...
> > I'm using FormsAuthentication to secure access to a web site. The
> > authentication process works correctly initially. The pages on the site

> have
> > a "logout" button, which basically call FormsAuthentication.SignOut()

and
> > redirect the user to the login page.
> >
> > The problem is that after the user logs out, if they were to use their
> > browser's "Back" button (or even enter the url to the page directly on

the
> > browser), they are allowed into that page. This is probably because the
> > browser is simply re-rendering the page without going back to the server
> > (I've verified that it does not go back to the server by placing a
> > breakpoint on page_load). Interestingly enough, if you enter a url for a
> > page on that web site that was not navigated to while the user had been
> > authenticated, then it correctly kicks them to the login page. But any

> page
> > that was visited during the authenticated session continues to be

> available
> > on that browser even after SignOut.
> >
> > Since this needs to be solved on the client side, I'm trying to

implement
> > something using the client's onload event, which is raised every time

the
> > browser renders the page (whether through Back button, etc). But the

> problem
> > is that with client-side scripting like javascript or vbscript I don't

> have
> > access to session variables and such - which I could otherwise use to
> > indicate that the user is no longer authenticated. So I'm at a loss as

to
> > how to handle this.
> >
> > If someone has dealt with this before, I'd much appreciate pointing me

in
> > the right direction.
> >
> > Thanks
> >
> >

>
>



 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
FormsAuthentication.RedirectFromLoginPage problem BoltonWolf ASP .Net 5 01-05-2006 02:17 AM
formsauthentication.signout() problem Nitin ASP .Net 2 03-31-2005 04:34 AM
Re: FormsAuthentication.RedirectFromLoginPage problem Niels Schoot ASP .Net 0 03-14-2005 02:48 PM
DESPERATE: FormsAuthentication Problem Jeff B ASP .Net 4 01-11-2005 06:00 PM
Problem with FormsAuthentication Xavier MT ASP .Net 1 10-24-2003 06:11 PM



Advertisments