Browse DevX
Sign up for e-mail newsletters from DevX

Tip of the Day
Language: Active Server Pages (ASP)
Expertise: Beginner
Sep 29, 1999



Building the Right Environment to Support AI, Machine Learning and Deep Learning

Session Abandon Does Not Stop Back Button

I have a session variable that keeps track of a user name and is set through a login page. Every page in the application first checks for the session variable and redirects to the login page if empty. I have a log out button that calls session.abandon and redirects to the home page. If the user logs out, then clicks the back button on the browser, it seems like session variables still exist. However, if the user logs out, then manually types in the address of one of the pages, it correctly redirects the user to the login page.

Since the back button brings the page from the local browser's cache, it does not run your session login check code again. So the user can access it. To prevent this, you can make sure the browser does not cache your pages. You can do this by providing some META tags. However, all your pages will need to be treated this way, making the browser fetch pages each and every time from your site. Check out the pros and cons before deciding.

DevX Pro
Comment and Contribute






(Maximum characters: 1200). You have 1200 characters left.



Thanks for your registration, follow us on our social networks to keep up-to-date