|
Home > Archive > IIS Server Security > June 2004 > Disable back button
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
Disable back button
|
|
|
| Hello,
For security purposes I would like to know how to disable
the back button in the browser and/or expire the page
similar to an online banking institution does.
e.g. when you hit the back button in the browser it gives
the warning that page has expired.
Thanks
Joe
| |
| Ken Schaefer 2004-06-20, 10:36 pm |
| The expiry is set using HTTP headers.
You can't disable the back button per se.
You can set the HTTP headers either using IIS Manager, or you can
dynamically set them using server-side code. For example in ASP you'd do:
<%
Response.ExpiresAbsolute = #1/1/1980#
Response.AddHeader "cache-control", "no-cache"
Response.AddHeader "pragma", "no-cache"
%>
Cheers
Ken
"Joe" <anonymous@discussions.microsoft.com> wrote in message
news:1e22d01c454e3$b42b1c10$a401280a@phx
.gbl...
: Hello,
:
: For security purposes I would like to know how to disable
: the back button in the browser and/or expire the page
: similar to an online banking institution does.
: e.g. when you hit the back button in the browser it gives
: the warning that page has expired.
:
: Thanks
: Joe
| |
| Jerry Pisk 2004-06-20, 10:36 pm |
| Please take the time and read the page you're talking about. It does not
mean the page expired. It means that IE will not automatically re-submit
your previous request (because it was submitted with a POST method, sending
some data to the server).
Jerry
"Joe" <anonymous@discussions.microsoft.com> wrote in message
news:1e22d01c454e3$b42b1c10$a401280a@phx
.gbl...
> Hello,
>
> For security purposes I would like to know how to disable
> the back button in the browser and/or expire the page
> similar to an online banking institution does.
> e.g. when you hit the back button in the browser it gives
> the warning that page has expired.
>
> Thanks
> Joe
| |
| Paul Lynch 2004-06-20, 10:36 pm |
| On Thu, 17 Jun 2004 20:24:03 -0700, "Joe"
<anonymous@discussions.microsoft.com> wrote:
>Hello,
>
>For security purposes I would like to know how to disable
>the back button in the browser and/or expire the page
>similar to an online banking institution does.
>e.g. when you hit the back button in the browser it gives
>the warning that page has expired.
>
>Thanks
>Joe
Joe,
Try this :
Disabling the Back Button
http://www.htmlgoodies.com/tutors/nobackbutton.html
Regards,
Paul Lynch
MCSE
| |
|
| Thanks Ken for your reply.
Where can I learn to do this in the HTTP headers via IIS
manager? I am not too familiar with .asp just getting
started
>-----Original Message-----
>The expiry is set using HTTP headers.
>You can't disable the back button per se.
>
>You can set the HTTP headers either using IIS Manager, or
you can
>dynamically set them using server-side code. For example
in ASP you'd do:
>
><%
>Response.ExpiresAbsolute = #1/1/1980#
>Response.AddHeader "cache-control", "no-cache"
>Response.AddHeader "pragma", "no-cache"
>%>
>
>Cheers
>Ken
>
>"Joe" <anonymous@discussions.microsoft.com> wrote in
message
> news:1e22d01c454e3$b42b1c10$a401280a@phx
.gbl...
>: Hello,
>:
>: For security purposes I would like to know how to
disable
>: the back button in the browser and/or expire the page
>: similar to an online banking institution does.
>: e.g. when you hit the back button in the browser it
gives
>: the warning that page has expired.
>:
>: Thanks
>: Joe
>
>
>.
>
| |
| shaun.stewart@hsbeil.com 2004-06-26, 10:16 am |
| Joe,
All you have to do is paste the following into the page_load event on each page in your ASP.Net app (assuming VB.Net)
Response.Cache.SetCacheability(HttpCacheability.NoCache)
This will force no cache on the client machine and thus if the back buttton is pressed, the page expired warning comes up.
regards
Shaun
****************************************
******************************
Sent via Fuzzy Software @ http://www.fuzzysoftware.com/
Comprehensive, categorised, searchable collection of links to ASP & ASP.NET resources...
| |
| Jerry Pisk 2004-06-26, 10:16 am |
| No it will not.
Jerry
"Shaun Stewart" <shaun.stewart@hsbeil.com> wrote in message
news:ubBw%23vRWEHA.2928@tk2msftngp13.phx.gbl...
> Joe,
>
> All you have to do is paste the following into the page_load event on each
> page in your ASP.Net app (assuming VB.Net)
>
> Response.Cache.SetCacheability(HttpCacheability.NoCache)
>
> This will force no cache on the client machine and thus if the back
> buttton is pressed, the page expired warning comes up.
>
> regards
>
> Shaun
>
> ****************************************
******************************
> Sent via Fuzzy Software @ http://www.fuzzysoftware.com/
> Comprehensive, categorised, searchable collection of links to ASP &
> ASP.NET resources...
|
|
|
|
|