Re: NoAccessAllowed.aspx

(INLINE)

"Andrew" <Andrew@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:85062D22-815F-4815-8E29-BDC932D65743@xxxxxxxxxxxxxxxx
> Hi all,
>
> Q1: When running my aspx application in IE, I noticed that the user is
> still
> able to assess the system after the session cookies has expired by
> clicking
> on the BACK AND FORWARD buttons on the browser. I guess this is because
> the
> page is cached by the brower.

This is correct.

> Is there anyway of preventing this from
> happening ?

Set a low cache time in your page to ensure it does not cache for long on
their machine. You can use zero if they should not get back to the page
after submit.

> Is it possible to redirect the page to NoAccessAllowed.aspx if
> the user clicks the BACK browser button after the session has expired ?

How do you know to redirect them? It is their machine, their browser cache
and a cached version of your page. Your server has no clue, at that time,
they exist. You can create a JavaScript mechanism, but it is probably more
trouble than it is worth (unless you can google search and find someone who
has already done the work and left it available for everyone to use).

> Q2: I was thinking of AUTOMATICALLY redirecting my page ( after the
> session
> has expired) to another page ie. NoAccessAllowed.aspx. Is there a way I
> can
> do this AUTOMATICALLY ?

Yes and no. You can add a meta-refresh tag to your page with the timeout
value for the application. When the page redirects, you ensure
NoAccessAllowed.aspx also kills a session if one still exists (logs them
out); this is a safety measure. You will still need to have short cache
times as back button is still available.

--
Gregory A. Beamer
MVP; MCP: +I, SE, SD, DBA

***********************************************
Think Outside the Box!
***********************************************


.