ASP.NET MVC – Prevent Browser Back Button Opening Page After Logout

If you have an ASP.NET MVC application with login/logout functionality (for example, using Forms Authentication), you may have noticed that after logging out, hitting the back button in your browser reopens the last page you were on. In a secure application this can be a problem, because it can expose information that only authorized users should see.

The culprit in this scenario is the browser, which will quite happily show a cached version of the page after you’ve logged out.

There isn’t much you can do except tell the browser not to cache your application’s pages. You can do this for individual pages in your application or, if you want no pages to be cached, you can add an event handler to the Global.asax file.

Add an Application_BeginRequest() method to your application’s Global.asax file with the code below, which disables browser caching for each request.

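        // Runs at the start of every request handled by ASP.NET.
        protected void Application_BeginRequest()
        {
            // Cache-Control: no-cache, so a cached copy must be revalidated before reuse.
            Response.Cache.SetCacheability(HttpCacheability.NoCache);
            // Sets an expiry time in the past, marking the response as already expired.
            Response.Cache.SetExpires(DateTime.UtcNow.AddHours(-1));
            // Cache-Control: no-store, so the response is not kept in the cache at all.
            Response.Cache.SetNoStore();
        }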
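
For the individual-page option mentioned above, one way is an MVC action filter that applies the same three cache settings only to the controllers or actions it decorates, leaving public pages cacheable. This is an added example, not code from the original post; the names NoBrowserCacheAttribute, AccountController and Details are hypothetical.

```csharp
using System;
using System.Web;
using System.Web.Mvc;

// Hypothetical attribute: disables browser caching only where it is applied.
[AttributeUsage(AttributeTargets.Class | AttributeTargets.Method)]
public sealed class NoBrowserCacheAttribute : ActionFilterAttribute
{
    public override void OnResultExecuting(ResultExecutingContext filterContext)
    {
        // Child actions render into the parent response; the parent action's
        // filter is the one that should decide the cache policy.
        if (filterContext.IsChildAction)
        {
            base.OnResultExecuting(filterContext);
            return;
        }

        // Same three settings as the Global.asax version, scoped to this response.
        HttpCachePolicyBase cache = filterContext.HttpContext.Response.Cache;
        cache.SetCacheability(HttpCacheability.NoCache);
        cache.SetExpires(DateTime.UtcNow.AddHours(-1));
        cache.SetNoStore();

        base.OnResultExecuting(filterContext);
    }
}

// Hypothetical controller: every action requires a logged-in user and
// returns responses the browser is told not to cache.
[Authorize]
[NoBrowserCache]
public class AccountController : Controller
{
    public ActionResult Details()
    {
        return View();
    }
}
```

Registering the attribute with GlobalFilters.Filters.Add(new NoBrowserCacheAttribute()) in Application_Start applies it to every MVC action instead.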