>From the sounds of it, the OP is doing this. It doesn't matter what access control you implement if the browser caches the page. The OP simply needs to implement something like Cerebrus suggested.
On Thu, Oct 22, 2009 at 2:51 AM, Paulo Roberto Pellucci < [email protected]> wrote: > Another thing you could do and, actually I see as a normal behavior for > every page is to verify if the user is logged in (might have something in > session). That would prevent ANY user that isn't logged in to access your > pages. > > But yet, as Cerebrus said, it does seems like a Cache problem. > > > On Wed, Oct 21, 2009 at 2:59 PM, Cerebrus <[email protected]> wrote: > >> >> You could simply prevent browser caching of the pages by specifying >> Cacheability and expiry parameters in your code. >> >> On Oct 21, 7:59 pm, himanshu <[email protected]> wrote: >> > i m using formauthontication.signout method >> > >> > i found that after signing out from the application i transfered the >> > control to login page e.g. login.aspx. At this point if i click the >> > Back button of Browser it shows the content of previous page user was >> > viewing.As there was important data displayed on page it is security >> > threat.It is a threat for web applications displaying important >> > information like credit card numbers or bank account data. >> > >> > any solutions >> > >> > thank u >> > > > > -- > Atenciosamente, > Paulo Roberto S. Pellucci >
