Disable back button after logout?

Contributor
12May2009,11:15   #1
aspguy's Avatar
I would not want my users when logout use the back button and see the user content once again. How can I disable back button after logout?

I thought of something like this

<BODY onload="history.go(+1)" >

but any other option you would suggest ?
Go4Expert Founder
12May2009,12:41   #2
shabbir's Avatar
Why would you want to be doing that but I would suggest its better of clearing the cookies / session and so if back is hit then it refreshes from server and not the cached version of the page is rendered.
Go4Expert Member
12May2009,16:27   #3
akshits's Avatar
Hello,

Disabling the back button is 101% unrealistic. A long way to do so is:-

1> Your logout link must be like:-

Code:
<a href="logout.jsp" target="_new" onclick="location.replace('browserClose.php');">Logout</a>
Will open a new tab in Mozilla and a new window in IE. On click the open window will goto "browserClose.php"

Other way is using the following on each page to prevent page caching:-

Code:
<META HTTP-EQUIV="CACHE-CONTROL" CONTENT="NO-CACHE">
<META HTTP-EQUIV="PRAGMA" CONTENT="NO-CACHE">
<META NAME="ROBOTS" CONTENT="NONE"> 
<META NAME="GOOGLEBOT" CONTENT="NOARCHIVE">
-or-

Code:
<?php

function setExpires($expires) {  
 header(  
   'Expires: '.gmdate('D, d M Y H:i:s', time()+$expires).'GMT');  
}  
setExpires(timing needed);  
?>
Regards
shabbir likes this
Go4Expert Member
12May2009,16:28   #4
akshits's Avatar
Quote:
Originally Posted by akshits View Post
Hello,

Disabling the back button is 101% unrealistic. A long way to do so is:-

1> Your logout link must be like:-

Code:
<a href="logout.jsp" target="_new" onclick="location.replace('browserClose.php');">Logout</a>
Will open a new tab in Mozilla and a new window in IE. On click the open window will goto "browserClose.php"

Other way is using the following on each page to prevent page caching:-

Code:
<META HTTP-EQUIV="CACHE-CONTROL" CONTENT="NO-CACHE">
<META HTTP-EQUIV="PRAGMA" CONTENT="NO-CACHE">
<META NAME="ROBOTS" CONTENT="NONE"> 
<META NAME="GOOGLEBOT" CONTENT="NOARCHIVE">
-or-

Code:
<?php

function setExpires($expires) {  
 header(  
   'Expires: '.gmdate('D, d M Y H:i:s', time()+$expires).'GMT');  
}  
setExpires(timing needed);  
?>
Regards
The meta tags must also be on page includes.
Sorry.

Regards,
Akshit Soota
Banned
25Jun2009,15:29   #5
gkumar's Avatar
I have seen this question asked many times in forums, but I either don't understand the solution, or I try the solution, and it doesn't work. Here goes:

I have a cookie login script, but whenever I expire the session cookie, the user can still hit the back button, and see the last page. I want to be able to clear the cache, or use some other method to disable the back button. I don't want to use javascript, because that can be disabled by the user. I especially want to use this when a user deletes their account.

I currenty have a logout perl script that redirects to a web page after the cookie is expired.

The latest thing I saw in a forum and tried, is to put the following in all the pages to expire the cache, but it doesn't work:

Code:
<meta http-equiv="pragma" content="no-cache" /> 
<meta http-equiv="expires" content="0" />
I know there has to be a way to do this right, because it's used with secure servers all the time. After you log out, if you hit the back button, it shows "session expired".

Does anyone know how the pro's are doing this? Thanks!

Also, could someone tell me how you can get this forum to instant email you everytime someone replies? It usually only does it once for me. I use the instant email setting when I submit a thread.
Newbie Member
9Feb2011,11:05   #6
james4u's Avatar
I faced the similar issue in implementing this and fixed by adding the following in the Cache-control

Code:
"Cache-Control", "no-store, no-cache, must-revalidate"