用户退出后,页面被重定向到Login.aspx页面,但按下后退按钮后,他可以看到之前的页面。
我已经使用JavaScript来禁用后退按钮
我的Logout.aspx如下:
<%@ Page Language="VB" AutoEventWireup="false" CodeFile="Logout.aspx.vb" Inherits="Logout" %>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" >
<head runat="server">
<meta http-equiv="Pragma" content="no-cache" />
<meta http-equiv="Expires" content="-1" />
<meta http-equiv="CACHE-CONTROL" content="NO-CACHE" />
<title>Untitled Page</title>
<script type="text/javascript" language="Javascript">
history.go(1);
</script>
</head>
<body onload="changeHashOnLoad(); ">
<form id="form1" runat="server">
<div>
</div>
</form>
</body>
<script type = "text/javascript">
function disableBackButton() {
window.history.forward();
}
setTimeout("disableBackButton()", 0);
</script>
<script type="text/javascript">
function noBack() { window.history.forward() }
noBack();
window.onload = noBack;
window.onpageshow = function(evt) { if (evt.persisted) noBack() }
window.onunload = function() { void (0) }
</script>
</html>
Logout.aspx.vb跟随:
Imports System.Data.SqlClient
Imports System.Data
Partial Class Logout
Inherits System.Web.UI.Page
Protected Sub Page_Load(ByVal sender As Object, ByVal e As System.EventArgs) Handles Me.Load
Dim strHostName As String = System.Net.Dns.GetHostName()
Dim clientip As String = GetIpAddress()
Dim params() As SqlParameter = New SqlParameter(6) {}
params(0) = New SqlParameter("@compname", strHostName)
params(1) = New SqlParameter("@ip_add", clientip)
params(2) = New SqlParameter("@mac_add", "")
params(3) = New SqlParameter("@login_id", Session("login").ToString())
params(4) = New SqlParameter("@user_name", Session("topusr").ToString())
params(5) = New SqlParameter("@login_status", "Logout Success")
params(6) = New SqlParameter("@counted", "Y")
Dim cnString As String = ConfigurationManager.ConnectionStrings("patravaliConnectionString").ToString
Dal.ExecuteNonQuery(cnString, CommandType.StoredProcedure, "sp_audit1", params)
Response.Cookies.Add(New HttpCookie("Asp.Net_SessionId", ""))
Response.Cookies.Add(New HttpCookie("ASMSAUTH", ""))
Response.Cache.SetCacheability(HttpCacheability.NoCache)
Response.Cache.SetExpires(Now.AddSeconds(-1))
Response.Cache.SetNoStore()
Response.AppendHeader("Pragma", "no-cache")
Page.Response.Cache.SetCacheability(HttpCacheability.NoCache)
System.Web.Security.FormsAuthentication.SignOut()
Response.Redirect("login.aspx")
'FormAuthentication.Signout()
Response.Buffer = True
Response.ExpiresAbsolute = DateTime.Now.AddDays(-1D)
Response.Expires = -1500
Response.CacheControl = "no-cache"
'Response.Buffer=<SPAN style="COLOR: blue">true;<o:p></o:p>
'Response.ExpiresAbsolute=DateTime.Now.AddDays(-1d);
'Response.Expires =-1500;
'Response.CacheControl = "no-cache";
'if(Session["SessionId"] == null)
'{
' Response.Redirect ("WdetLogin.aspx");
'}
'}
'
Session("topusr") = ""
Session("topdept") = ""
Session("usercd") = ""
Session("branch") = ""
Session("prt") = ""
Session("deptcd") = ""
Session.Abandon()
Session.Abandon()
Session.Clear()
Session.RemoveAll()
Application("genericstr") = "uu"
Response.Redirect("~/Login.aspx")
End Sub
Public Function GetIpAddress() As String
Dim stringIpAddress As String
stringIpAddress = Request.ServerVariables("HTTP_X_FORWARDED_FOR")
If stringIpAddress Is Nothing Then
'may be the HTTP_X_FORWARDED_FOR is null
stringIpAddress = Request.ServerVariables("REMOTE_ADDR")
'we can use REMOTE_ADDR
Dim add As String = HttpContext.Current.Request.UserHostAddress
End If
Return stringIpAddress
End Function
End Class
查看的上一页只是一个缓存,因为在该页面上所做的任何更改都会将其重定向到主页。 但所有以前的页面都包含只有登录人员可以看到的信息。