How to Prevent Browser Back to Previous Page Values

Question

I'm trying to prevent the previous values shown when the user clicks the browser's back button after a record insert using ASP.NET.

I know this is a classic question asked many times, but I've tried a number of suggested methods found online and none have the proper solution. Also, I understand this can be done with Javascript, but am looking for an ASP.NET solution if at all possible.

Example: You have an Order Page where you collect a credit card number. After they submit the order, it takes them to a Confirmation page showing success.

Here's the issue: If the user then clicks the browser's back button, it will take them back to the Order page and show them the credit card number previously entered. I want to prevent that.

Basic example below using a Session variable (I've also tried various methods of clearing caches that I show at the end). It works EXCEPT when a control that causes a postback is used (which I need). Meaning, if you manually enter the card number and submit and try to go back, you can't and it works. However, if I click the "Test" button at any point and then submit and go back, it doesn't work.

OrderPage.apsx

<%@ Page Language="VB" AutoEventWireup="false" CodeFile="OrderPage.aspx.vb" Inherits="OrderPage" %>

<!DOCTYPE html>
<html>
<head runat="server"><title>Order</title></head>
<body>
    <form id="form1" runat="server">
        <h1>Order</h1>
            <p>
                Card:<br />
                <asp:TextBox ID="TextBox1" runat="server"></asp:TextBox>
            </p>
            <p>
                <asp:Button ID="ButtonTest" runat="server" Text="Test" CausesValidation="false"  /> 
                <asp:Button ID="ButtonSubmit" runat="server" Text="Submit" CausesValidation="true" />
            </p>
    </form>
</body>
</html>

Partial Class OrderPage
    Inherits System.Web.UI.Page

    Private Sub Page_Load(sender As Object, e As EventArgs) Handles Me.Load
        If Session("MyStatus") = "Confirmed" Then
            Session("MyStatus") = "Removed"
            Response.Redirect("ConfirmPage.aspx?m=02")
        End If
    End Sub

    Private Sub ButtonTest_Click(sender As Object, e As EventArgs) Handles ButtonTest.Click
        TextBox1.Text = "This is a test"
    End Sub

    Private Sub ButtonSubmit_Click(sender As Object, e As EventArgs) Handles ButtonSubmit.Click
        Session("MyStatus") = "Submitted"
        Response.Redirect("ConfirmPage.aspx?m=01")
    End Sub
End Class

ConfirmPage.aspx

<%@ Page Language="VB" AutoEventWireup="false" CodeFile="ConfirmPage.aspx.vb" Inherits="ConfirmPage" %>

<!DOCTYPE html>
<html>
<head runat="server"><title>Confirm</title></head>
<body>
    <form id="form1" runat="server">
        <h1>Confirmation</h1>
        <p><asp:Label ID="Label1" runat="server">Enter any text.</asp:Label></p>      
    </form>
</body>
</html>

Partial Class confirm
    Inherits System.Web.UI.Page

    Private Sub Page_Load(sender As Object, e As EventArgs) Handles Me.Load
        If Session("MyStatus") = "Submitted" Then
            Session("MyStatus") = "Confirmed"
            Label1.Text = "Success! Your order was submitted."
        End If
    End Sub
End Class

Clearing cache methods tried

Method 1:

Response.Buffer = True
Response.ExpiresAbsolute = Now()
Response.Expires = -1
Response.CacheControl = "no-cache"

Method 2:

Response.Buffer = True Response.ExpiresAbsolute = DateTime.Now.AddSeconds(-1)
Response.Expires = 0
Response.CacheControl = "no-cache"

Method 3:

Response.Cache.SetExpires(DateTime.UtcNow.AddMinutes(-1))

Response.Cache.SetCacheability(HttpCacheability.NoCache)

Response.Cache.SetNoStore()

Method 4:

Response.Cache.SetNoStore()

Response.Cache.AppendCacheExtension("no-cache")

Response.Expires = 0

Answer 1

Hi @Ptownbro,

I tested against your code and I think the code below should help you achieve what you want.

Put the following code in Page_Load of Order Page.aspx.vb.

 HttpContext.Current.Response.Cache.SetCacheability(HttpCacheability.NoCache)
        HttpContext.Current.Response.Cache.SetNoServerCaching()
        HttpContext.Current.Response.Cache.SetNoStore()

ALL CODE

Public Class OrderPage
    Inherits System.Web.UI.Page

    Protected Sub Page_Load(ByVal sender As Object, ByVal e As System.EventArgs) Handles Me.Load
        If Session("MyStatus") = "Confirmed" Then
            Session("MyStatus") = "Removed"
            Response.Redirect("ConfirmPage.aspx?m=02")
        End If
        HttpContext.Current.Response.Cache.SetCacheability(HttpCacheability.NoCache)
        HttpContext.Current.Response.Cache.SetNoServerCaching()
        HttpContext.Current.Response.Cache.SetNoStore()

    End Sub
    Private Sub ButtonTest_Click(sender As Object, e As EventArgs) Handles ButtonTest.Click
        TextBox1.Text = "This is a test"
    End Sub

    Private Sub ButtonSubmit_Click(sender As Object, e As EventArgs) Handles ButtonSubmit.Click
        Session("MyStatus") = "Submitted"
        Response.Redirect("ConfirmPage.aspx?m=01")
    End Sub

End Class

Best regards,
Lan Huang

---

If the answer is the right solution, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

Answer 2

the best solution is the post-redirect-get pattern. all posts should redirect to a display page, rather than return the html directly. this combined with the above caching settings should handle things nicely.

https://en.wikipedia.org/wiki/Post/Redirect/Get#:~:text=Post%2FRedirect%2FGet%20(PRG,submitting%20the%20form%20another%20time.