session.abandon, back button

[Niv3k]

I have my users logging into a secured section of my website. When they hit the logout button, I send them to a page that has basically one line of asp code: session.abandon. If they hit the back button after logging out however, they can see the pages that they viewed while they were logged in. How do I prevent them from doing this, without disabling the history button while they are logged in?

Thanks!
Kevin

 

[topher0303]

Assuming you already have code in place to prevent a user from viewing a page when they are not logged in, they must be seeing a cached copy.

Try putting the following at the top of each asp page you do not want redisplayed:

<%
Response.Expires = -1000
Response.CacheControl = &quot;No-cache&quot;
%>


If it is a cache problem, this should fix your problem.

Chris.

 

[Mdiaz]

I use the following type code on all my protected pages. Goes on first line of page.

If seesion(&quot;CreekOK&quot<>&quot;OK&quot; then
response.redirect &quot;noaccess.asp&quot;
End If


All you need to do is assign the good creeps with a sesion variable like Session(CreepOK&quot = &quot;OK&quot; when they log in.

Mike Diaz... Mike Diaz
tripletpublishing.com