ASP.NET Browser Question

  • Thread starter Thread starter Guest
  • Start date Start date
G

Guest

A user logs into a web site. He is then redirected to a web page of his choosing - based on menu options - for example: "WeeklyReport.aspx" is a page the user is currently viewing

If the user session times out, I redirect the user to a "logoff.aspx" web page that now informs the user he must relogin to the web site

Question: Is there anyway to clear the browser's history list (prior to Response.Redirect("logoff.aspx") - to ensure the user can't depress the "back" button to return to the page where the timeout occurred

If this is not possible - what if after I detect the session timeout - Is it then possible to close the current browser where the timeout occurred - and open a new browser with "logoff.aspx" information - How would I do this?
 
Try the following code in Page Load event

Response.Expires = 0
Response.ExpiresAbsolute = Now()
Response.CacheControl = "no-cache"
 
Question: Is there anyway to clear the browser's history list (prior to
Response.Redirect("logoff.aspx") - to ensure the user can't depress the
"back" button to return to the page where the timeout occurred?

No.
If this is not possible - what if after I detect the session timeout - Is
Click to expand...
it then possible to close the current browser where the timeout occurred -
and open a new browser with "logoff.aspx" information - How would I do this?

You can't do anything on the client because of a Session Timeout. The
Session Timeout occurs without any Request, and the server can only react on
the client via a client Request.

What you CAN do is to use JavaScript or a META Refresh tag on the client to
redirect after a certain period of time. You can set the time to the same
interval as a Session Timeout.

--
HTH,
Kevin Spencer
..Net Developer
Microsoft MVP
Big things are made up
of lots of little things.

David said:
A user logs into a web site. He is then redirected to a web page of his
Click to expand...
choosing - based on menu options - for example: "WeeklyReport.aspx" is a
page the user is currently viewing.
If the user session times out, I redirect the user to a "logoff.aspx" web
Click to expand...
page that now informs the user he must relogin to the web site.
Question: Is there anyway to clear the browser's history list (prior to
Click to expand...
Response.Redirect("logoff.aspx") - to ensure the user can't depress the
"back" button to return to the page where the timeout occurred?
If this is not possible - what if after I detect the session timeout - Is
Click to expand...
it then possible to close the current browser where the timeout occurred -
and open a new browser with "logoff.aspx" information - How would I do this?
 
Kevin

I did the redirect using a META tag. But I get the same result - i.e., I get the back button enabled and with the prior history

Unless I did this wrong - but basically - I get the same as if I placed in the Page_Init the following code..
if Session.IsNewSession then Response.Redirect(...

Basically - I can get the page as I requested - but I'd like to either disable the back button or have this opened in a 2nd window. Is their anyway to use the META refresh tag to open a 2nd browser window - then somehow close the 1st?
 
Hi David,
I did the redirect using a META tag. But I get the same result - i.e., I
Click to expand...
get the back button enabled and with the prior history.

You asked 2 distinct questions, and I answered them individually. The answer
to the second question had nothing to do with the answer to the first.
Basically - I can get the page as I requested - but I'd like to either
Click to expand...
disable the back button or have this opened in a 2nd window. Is their
anyway to use the META refresh tag to open a 2nd browser window - then
somehow close the 1st?

No. The remark about the META Refresh tag was in answer to your question
about how to redirect after a Session Timeout.

It would help if you discuss what your business requirement is. What is it
that you are wanting to prevent from happening? And by that, I don't mean
technically, e.g. not using the Back button or preventing the user from
navigating back to a page. What I need to know is, what business requirement
are you trying to fulfill by this?

--
HTH,
Kevin Spencer
..Net Developer
Microsoft MVP
Big things are made up
of lots of little things.

David said:
Kevin,

I did the redirect using a META tag. But I get the same result - i.e., I
Click to expand...
get the back button enabled and with the prior history.
Unless I did this wrong - but basically - I get the same as if I placed in
Click to expand...
the Page_Init the following code...
if Session.IsNewSession then Response.Redirect(...)

Basically - I can get the page as I requested - but I'd like to either
Click to expand...
disable the back button or have this opened in a 2nd window. Is their
anyway to use the META refresh tag to open a 2nd browser window - then
somehow close the 1st?
 
Summary of my initial request... "A user logs into a web site. He is then redirected to a web page of his choosing - based on menu options - for example: "WeeklyReport.aspx" is a page the user is currently viewing. If the user session times out, I redirect the user to a "logoff.aspx" web page that now informs the user he must relogin to the web site. Question: Is there anyway to clear the browser's history list (prior to Response.Redirect("logoff.aspx") - to ensure the user can't depress the "back" button to return to the page where the timeout occurred? If this is not possible - what if after I detect the session timeout - Is it then possible to close the current browser where the timeout occurred - and open a new browser with "logoff.aspx" information - How would I do this?

Basically - what business requirement are you trying to fulfill by this? Answer: Security
Reason: When the session times out, I require the user to NOT navigate again with the current browser - I want to prevent navigating to either the timed out page or any other page of their history list. I require the user to simply relogin - by connecting from main login page - that is visible on the desktop. The user's history list will be specific to the business needs of the organization - pages relative to main login page / so timeout means relogin - you lose your history

In summary: Yesterday PM - I Did implement a solution myself. Part 2 of question - I found a feasible solution. I basically open a new browser (back and forward buttons disabled) - only information in this window is message informing user of timeout and requirement to relogin to the web site. I also successfully close the main browser where the timeout occured

In any event, Thank you for reviewing my questions and your help.
 
You could put the following line in the script section of your page:
history.go(1);
This is a JavaScript command that when the page loads will always try
to go to the next page. This stops the back button's use.

Hope that this helps you.
Kalz
 
Back
Top