Friday, August 29, 2008

Prevent the user from going back to the previous page after logout

Problem: Prevent the user from going back to the previous page after logout.

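Solution: For this scenario, my idea is to write a cookie at logout (see the “SetLogoutCookie” function) and to read that cookie on page load in every web page except login.aspx (see the “RedirectToLoginPage” function). If the cookie value indicates that the user has logged out, the current page is redirected to login.aspx. Note that this cookie is only a client-side signal that the browser user can change or delete; what actually ends the authenticated session is the server-side FormsAuthentication.SignOut() call, together with the deny rule for anonymous users in web.config.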

***** default.aspx ****** <html xmlns="http://www.w3.org/1999/xhtml"> <head runat="server"> <title>Untitled Page</title> <script type="text/javascript">

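// Writes the client-side "logout" marker cookie.
//   value - the string to store: 'true' when the user logs out, 'false' when they log in.
// The cookie is valid for one day and for the whole site (path=/).
// It is readable and writable by any script and by the user, so it only steers the
// client-side redirect; it carries no authority on the server.
function SetLogoutCookie(value)
{
    var exdate = new Date();
    exdate.setDate(exdate.getDate() + 1);

    // toUTCString() replaces the deprecated toGMTString(); both produce the same text.
    var expires = "; expires=" + exdate.toUTCString();

    // The attribute separators must stay inside single-line string literals:
    // a line break inside the quotes is a syntax error.
    document.cookie = "logout=" + value + expires + "; path=/";
}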

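// Reports whether the client-side "logout" marker cookie is currently "true".
// Returns true only when a cookie named exactly "logout" has the value "true";
// returns false when the cookie is absent or holds any other value.
// The marker lives in the browser and can be edited or removed by the user, so this
// result drives the redirect convenience only and is not an authorization decision.
function Checklogout() {
    var pairs = document.cookie.split(";");

    for (var i = 0; i < pairs.length; i++) {
        // Browsers separate cookies with "; ", so drop the leading blank.
        var pair = pairs[i].replace(/^\s+/, "");

        // Match on the whole cookie name: a plain indexOf("logout=") over the full
        // cookie string would also hit names such as "autologout=".
        if (pair.indexOf("logout=") === 0) {
            return pair.substring(7) === "true";
        }
    }

    return false;
}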

// Page-load hook: when the logout marker cookie is set, navigate to the login page.
// This runs in the browser only; a client with scripting disabled never executes it,
// so the server-side authorization rules remain the actual gate.
function RedirectToLoginPage() {
    var loggedOut = Checklogout();
    if (!loggedOut) {
        return;
    }
    window.location = "login.aspx";
}

</script>

</head>

<!-- default.aspx body: on every load the page runs RedirectToLoginPage(), which
     navigates to login.aspx when the client-side "logout" cookie reads "true". -->
<body onload="RedirectToLoginPage()"> <form id="form1" runat="server">

<div>

<!-- OnClientClick runs in the browser before the postback, so the "logout" cookie is
     set to 'true' first; OnClick then performs the server-side sign-out. -->
<asp:LinkButton ID="LinkButton1" runat="server" OnClick="LinkButton1_Click" OnClientClick="SetLogoutCookie('true')">Log out </asp:LinkButton>

</div>

</form>

</body>

</html>

************* default.aspx.cs ********************************

/// <summary>
/// Server-side handler for the "Log out" link: signs the user out of forms
/// authentication and sends the browser to the login page.
/// </summary>
/// <param name="sender">Control that raised the click event.</param>
/// <param name="e">Event data (not used).</param>
protected void LinkButton1_Click(object sender, EventArgs e)
{
    // Removes the forms-authentication ticket cookie from the browser. The ticket is not
    // revoked on the server, so a copy kept elsewhere stays usable until it expires;
    // the forms timeout in web.config bounds that window.
    FormsAuthentication.SignOut();

    // Redirects to the loginUrl configured for forms authentication.
    FormsAuthentication.RedirectToLoginPage();
}

************ login.aspx ************************************

<html xmlns="http://www.w3.org/1999/xhtml">

<head runat="server">

<title>Untitled Page</title>

<script type="text/javascript">

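// Writes the client-side "logout" marker cookie.
//   value - the string to store; the login page passes 'false' to clear the marker.
// The cookie is valid for one day and for the whole site (path=/).
// It is readable and writable by any script and by the user, so it only steers the
// client-side redirect; it carries no authority on the server.
function SetLogoutCookie(value)
{
    var exdate = new Date();
    exdate.setDate(exdate.getDate() + 1);

    // toUTCString() replaces the deprecated toGMTString(); both produce the same text.
    var expires = "; expires=" + exdate.toUTCString();

    // The attribute separators must stay inside single-line string literals:
    // a line break inside the quotes is a syntax error.
    document.cookie = "logout=" + value + expires + "; path=/";
}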

</script>

</head>

<!-- login.aspx body: the sign-in form. This page has no onload redirect, so it is
     shown regardless of the "logout" cookie. -->
<body>

<form id="form1" runat="server">

<div>

<!-- The Name box is pre-filled with "test", the sample account declared in web.config. -->
Name:<asp:TextBox ID="TBName" runat="server">test</asp:TextBox>

<br />

Password:<asp:TextBox ID="TBPassword" runat="server" TextMode="Password"></asp:TextBox>

<br />

<!-- OnClientClick runs in the browser before the postback, so the "logout" cookie is
     reset to 'false' on every click, whether or not the server then accepts the
     credentials. Access is still decided by the server-side authorization rule. -->
<asp:LinkButton ID="LinkButton1" runat="server" OnClick="LinkButton1_Click" OnClientClick="SetLogoutCookie('false')">Login</asp:LinkButton></div>

</form>

</body>

</html>

************ login.aspx.cs ***********************************

/// <summary>
/// Server-side handler for the "Login" link: checks the submitted name and password
/// against the credentials configured for forms authentication and, on success,
/// issues the authentication cookie and returns the user to the requested page.
/// </summary>
/// <param name="sender">Control that raised the click event.</param>
/// <param name="e">Event data (not used).</param>
protected void LinkButton1_Click(object sender, EventArgs e)
{
    string userName = TBName.Text;
    string password = TBPassword.Text;

    bool credentialsAccepted = FormsAuthentication.Authenticate(userName, password);
    if (!credentialsAccepted)
    {
        // Rejected credentials: no redirect and no message; the login page is shown again.
        return;
    }

    // false = session cookie only; the ticket is not persisted across browser sessions.
    FormsAuthentication.RedirectFromLoginPage(userName, false);
}

************ web.config **********************************

<!-- Forms authentication: unauthenticated requests are sent to login.aspx. -->
<authentication mode="Forms">

<!-- The "appNameAuth" cookie carries the ticket for the whole site (path="/").
     protection="All" applies both encryption and validation to the ticket;
     timeout is in minutes. -->
<forms name="appNameAuth" path="/" loginUrl="login.aspx"

protection="All" timeout="30">

<!-- Sample account only: passwordFormat="Clear" keeps the password unhashed in this
     file, readable by anyone who can read web.config. Outside a demo, keep credentials
     in a hashed store (e.g. a membership provider) rather than in configuration. -->
<credentials passwordFormat="Clear">

<user name="test" password="test" />

</credentials>

</forms>

</authentication>

<!-- "?" means anonymous users: every page requires an authenticated user. This
     server-side rule is what actually blocks access after sign-out. -->
<authorization>

<deny users="?" />

</authorization>