MVC Login page back button can login again

ask 21 Reputation points
2021-11-05T13:08:19.457+00:00

I have an app using forms authentication. I use FormsAuthentication.SignOut in the logoff action, with Session.Abandon and Session.Clear. If I hit the back button and go all the way back to the login page, the username and password are still in the fields, and I can hit submit and it reauthenticates. The only way around this that guarantees the clearing of these fields is to redirect to the login action instead of the home page. I verified this behavior with a default Visual Studio project with individual accounts. Am I missing something? Is there a way to log a user off and redirect to the home page, but have the login fields cleared? From what I am reading, there isn't much to do except tell the user that closing the browser window is the only guaranteed way of the page not being accessible.

ASP.NET

2 answers

  1. Bruce (SqlWork.com) 56,026 Reputation points
    2021-11-05T15:05:19.727+00:00

    You can use JavaScript to remove the login page from history via the History API.


  2. Yijing Sun-MSFT 7,066 Reputation points
    2021-11-08T06:40:17.73+00:00

    Hi @ask,
    As far as I think, the user will get logged out once the authentication cookie times out. ASP.NET Identity comes with this capability, and it is called a Security Stamp. The highlighted configuration compares the security stamp stored in the auth token to the database value every 30 minutes.

    app.UseCookieAuthentication(new CookieAuthenticationOptions
    {
        AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
        LoginPath = new PathString("/Account/Login"),
        Provider = new CookieAuthenticationProvider
        {
            // Enables the application to validate the security stamp when the user logs in.
            // This is a security feature which is used when you change a password or add an external login to your account.
            OnValidateIdentity = SecurityStampValidator.OnValidateIdentity<ApplicationUserManager, ApplicationUser>(
                validateInterval: TimeSpan.FromMinutes(30),
                regenerateIdentity: (manager, user) => user.GenerateUserIdentityAsync(manager))
        }
    });


    Note: you could create the IAuthenticationManager in the controller and call SignOut.
    Best regards,
    Yijing Sun


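A client-side complement to the JavaScript suggestion in the first answer, as an added example that is not part of the thread: instead of rewriting history, it empties the login form whenever the page is reached through Back/Forward, using the `pageshow` event and the Navigation Timing entry. The form id `loginForm` and the function names `cameFromHistory` and `clearCredentialFields` are assumptions.

```javascript
// Added example (not from the thread). Assumed markup: a login form with
// id "loginForm" that contains the username and password inputs.

// Decide whether this page view came from history (Back/Forward) rather
// than a fresh navigation. `persisted` is true when the page was restored
// from the back/forward cache; the Navigation Timing entry covers a page
// that was re-loaded as part of a history traversal.
function cameFromHistory(pageshowEvent, navigationEntries) {
  if (pageshowEvent && pageshowEvent.persisted) return true;
  const nav = navigationEntries && navigationEntries[0];
  return Boolean(nav && nav.type === 'back_forward');
}

// Blank the text-like credential fields and return how many were cleared.
// Hidden inputs (such as an anti-forgery token) and checkboxes are left
// alone so the form can still be submitted normally.
function clearCredentialFields(form) {
  const sensitive = new Set(['text', 'email', 'password']);
  let cleared = 0;
  for (const el of Array.from(form.elements)) {
    if (sensitive.has(el.type) && el.value !== '') {
      el.value = '';
      cleared++;
    }
  }
  return cleared;
}

// Browser wiring; skipped when the file is loaded outside a browser.
if (typeof window !== 'undefined' && typeof document !== 'undefined') {
  window.addEventListener('pageshow', (event) => {
    const form = document.getElementById('loginForm'); // assumed id
    if (!form) return;
    const entries = performance.getEntriesByType('navigation');
    if (cameFromHistory(event, entries)) clearCredentialFields(form);
  });
}
```

This only empties what the browser restored into the form; a password manager may still refill the fields afterwards.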