[manishmishra.mishra58]

I've created a complete login-logout asp.net app.In which I want to clear the session data on logout button click and whenever user click on back button it should not redirect to visited page.
I have used all the session methods like clear(),abandon(),removecontents(),etc.but it not works.
Please provide the complete solution on this.
reply soon asap.

regards
Manish MCTS.

[CasiOo]

calling abandon() should start a new session

Once the Abandon method is called, the current session is no longer valid and a new session can be started


You can't really stop the browser from keeping history of visited pages

[November-06]

We did have a problem like that before.

Even when you abandon and clear sessions, the session will return if the user clicks the back button.

So what we did was create a page (for example logout.aspx)

In the Page_Init, we added the following codes:

        Session.Abandon()
        Session.RemoveAll()
        Dim logoutpage As String = "Logout.aspx"
        Response.Write("<script language=javascript>")

        Response.Write("{")
        Response.Write(" var Backlen=history.length;")

        Response.Write(" history.go(-Backlen);")
        Response.Write(" window.location.href='" + logoutpage + "'; ")

        Response.Write("}")
        Response.Write("</script>")

        Response.Redirect("Login.aspx")

So, for you logout button, all you need to do is redirect to your logout.aspx.

The logout.aspx will be responsible for clearing and abandoning sessions. The code that I gave should handle the behavior of the back button.

But if you notice, it is javascript that handles the Back button so if I'm not mistaken this will only work if javascript is turned on.