Login | Register   
LinkedIn
Google+
Twitter
RSS Feed
Download our iPhone app
TODAY'S HEADLINES  |   ARTICLE ARCHIVE  |   FORUMS  |   TIP BANK
Browse DevX
Sign up for e-mail newsletters from DevX


Tip of the Day
Language: Active Server Pages (ASP)
Expertise: Beginner
Sep 29, 1999

Session Abandon Does Not Stop Back Button

Question:
I have a session variable that keeps track of a user name and is set through a login page. Every page in the application first checks for the session variable and redirects to the login page if empty. I have a log out button that calls session.abandon and redirects to the home page. If the user logs out, then clicks the back button on the browser, it seems like session variables still exist. However, if the user logs out, then manually types in the address of one of the pages, it correctly redirects the user to the login page.

Answer:
Since the back button brings the page from the local browser's cache, it does not run your session login check code again. So the user can access it. To prevent this, you can make sure the browser does not cache your pages. You can do this by providing some META tags. However, all your pages will need to be treated this way, making the browser fetch pages each and every time from your site. Check out the pros and cons before deciding.

DevX Pro
 
Comment and Contribute

 

 

 

 

 


(Maximum characters: 1200). You have 1200 characters left.

 

 

Sitemap