Knowledgebase
How do I modify the Secure Login Manager so that the user cannot click the "Back" button to re-enter the secure area after they have logged out?
Posted by DMXReady Admin on 26 August 2004 06:57 PM

Q. How do I modify Secure Login Manager so that the user cannot click the "Back" button to re-enter the secure area after they have logged out?

A. This problem occurs because the browser is adding the page to the cache, allowing visitors to click "back" to the cached page. Since technically the user is not logging into the website but only a saved version of this page, it does not trigger the login prompt. Unfortunately, users can click on links, etc. as if they were logged in.

There are three ways you can solve this problem:

1. Add the following code to the top of the page (for example, above the line of code that calls the Secure Login Manager):

Response.expiresabsolute=now() -1

2. Add the following two lines with your meta tags:

<meta http-equiv="PRAGMA" value="NO-CACHE">
<meta http-equiv="Expires" content="Mon, 01 Jan 1990 12:00:00 GMT">

3. Add the following code to the top of the page (for example, above the line of code that calls the Secure Login Manager):

Response.CacheControl = "no-store"
Response.AddHeader "Pragma", "no-cache"
Response.Expires = -1

(1106 vote(s))
This article was helpful
This article was not helpful

Comments (0)
Help Desk Software by Kayako dmxready.helpserve.com