Go4Expert

Go4Expert (http://www.go4expert.com/)
-   JavaScript and AJAX (http://www.go4expert.com/forums/javascript/)
-   -   Disable back button after logout? (http://www.go4expert.com/forums/disable-button-logout-t17477/)

aspguy 12May2009 11:15

Disable back button after logout?
 
I would not want my users when logout use the back button and see the user content once again. How can I disable back button after logout?

I thought of something like this

<BODY onload="history.go(+1)" >

but any other option you would suggest ?

shabbir 12May2009 12:41

Re: Disable back button after logout?
 
Why would you want to be doing that but I would suggest its better of clearing the cookies / session and so if back is hit then it refreshes from server and not the cached version of the page is rendered.

akshits 12May2009 16:27

Re: Disable back button after logout?
 
Hello,

Disabling the back button is 101% unrealistic. A long way to do so is:-

1> Your logout link must be like:-

Code:

<a href="logout.jsp" target="_new" onclick="location.replace('browserClose.php');">Logout</a>
Will open a new tab in Mozilla and a new window in IE. On click the open window will goto "browserClose.php"

Other way is using the following on each page to prevent page caching:-

Code:


<META HTTP-EQUIV="CACHE-CONTROL" CONTENT="NO-CACHE">
<META HTTP-EQUIV="PRAGMA" CONTENT="NO-CACHE">
<META NAME="ROBOTS" CONTENT="NONE">
<META NAME="GOOGLEBOT" CONTENT="NOARCHIVE">

-or-

Code:


<?php

function setExpires($expires) { 
 header( 
  'Expires: '.gmdate('D, d M Y H:i:s', time()+$expires).'GMT'); 

setExpires(timing needed); 
?>

Regards

akshits 12May2009 16:28

Re: Disable back button after logout?
 
Quote:

Originally Posted by akshits (Post 47682)
Hello,

Disabling the back button is 101% unrealistic. A long way to do so is:-

1> Your logout link must be like:-

Code:

<a href="logout.jsp" target="_new" onclick="location.replace('browserClose.php');">Logout</a>
Will open a new tab in Mozilla and a new window in IE. On click the open window will goto "browserClose.php"

Other way is using the following on each page to prevent page caching:-

Code:


<META HTTP-EQUIV="CACHE-CONTROL" CONTENT="NO-CACHE">
<META HTTP-EQUIV="PRAGMA" CONTENT="NO-CACHE">
<META NAME="ROBOTS" CONTENT="NONE">
<META NAME="GOOGLEBOT" CONTENT="NOARCHIVE">

-or-

Code:


<?php

function setExpires($expires) { 
 header( 
  'Expires: '.gmdate('D, d M Y H:i:s', time()+$expires).'GMT'); 

setExpires(timing needed); 
?>

Regards

The meta tags must also be on page includes.
Sorry.

Regards,
Akshit Soota

gkumar 25Jun2009 15:29

Re: Disable back button after logout?
 
I have seen this question asked many times in forums, but I either don't understand the solution, or I try the solution, and it doesn't work. Here goes:

I have a cookie login script, but whenever I expire the session cookie, the user can still hit the back button, and see the last page. I want to be able to clear the cache, or use some other method to disable the back button. I don't want to use javascript, because that can be disabled by the user. I especially want to use this when a user deletes their account.

I currenty have a logout perl script that redirects to a web page after the cookie is expired.

The latest thing I saw in a forum and tried, is to put the following in all the pages to expire the cache, but it doesn't work:

Code:

<meta http-equiv="pragma" content="no-cache" />
<meta http-equiv="expires" content="0" />

I know there has to be a way to do this right, because it's used with secure servers all the time. After you log out, if you hit the back button, it shows "session expired".

Does anyone know how the pro's are doing this? Thanks!

Also, could someone tell me how you can get this forum to instant email you everytime someone replies? It usually only does it once for me. I use the instant email setting when I submit a thread.

james4u 9Feb2011 11:05

Re: Disable back button after logout?
 
I faced the similar issue in implementing this and fixed by adding the following in the Cache-control

Code:

"Cache-Control", "no-store, no-cache, must-revalidate"


All times are GMT +5.5. The time now is 00:24.