Even after logging out I can go back to the home page using BACK button! - asp.net

I am using ASP.net with C#. After I log out it's possible to go back to pages using the back button. I could fix the problem for the login. I have a problem with the logout. I am using the inbuilt login page provided by the asp editor. Should I use sessions?
Please help.

This is a caching issue. Browser will be loading the page from cache. You can disable caching of the Home page, and check for user session in that page. By this you can avoid the problem.
See HttpCacheability Enumeration

On all pages in your site, you need to check if the user is still logged in and if not, log them out.
You also need to make sure that the pages are not cached on the browser or anywhere else.

After using the back button, try doing some process that needs login privileges. I think you are logged out already but your browser is displaying your page from the cache.

As @Rahul has identified, this is a cacheability issue. Basically what is happening is when the user visits the page the browser is caching it. So regardless of whether the user is logged in or out, when the user selects the back button, the page is being retrieved from the cache, not the server.
If you want to ensure the page is always retrieved from the server (which will effectively resolve your issue) you need to set Cacheability to NoCache. See Setting the Cacheability of a Page.
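The two measures the answers above describe (no caching of protected pages, plus a server-side login check on every request), as an added example that is not code from any of the posters. It assumes Web Forms with Forms Authentication; the class names `SecurePage` and `Logout` are hypothetical.

```csharp
using System;
using System.Web;
using System.Web.Security;
using System.Web.UI;

// Hypothetical base class: every page that requires a logged-in user derives from it.
public class SecurePage : Page
{
    protected override void OnInit(EventArgs e)
    {
        base.OnInit(e);

        // Tell the browser and any intermediary not to keep a copy, so the
        // Back button has to re-request the page from the server.
        Response.Cache.SetCacheability(HttpCacheability.NoCache);
        Response.Cache.SetNoStore();
        Response.Cache.SetExpires(DateTime.UtcNow.AddYears(-1));

        // Server-side check on every request. After logout the auth ticket is
        // gone, so the re-requested page redirects instead of rendering.
        if (!Request.IsAuthenticated)
        {
            FormsAuthentication.RedirectToLoginPage();
            Response.End(); // RedirectToLoginPage does not end the request itself
        }
    }
}

// Hypothetical code-behind for a Logout.aspx page.
public partial class Logout : Page
{
    protected void Page_Load(object sender, EventArgs e)
    {
        FormsAuthentication.SignOut(); // expires the forms-authentication cookie
        Session.Clear();               // drop per-user state held on the server
        Session.Abandon();             // end the server-side session
        FormsAuthentication.RedirectToLoginPage();
    }
}
```

The cache headers only stop the browser from redisplaying a stored copy; the `Request.IsAuthenticated` check is what actually denies access once the ticket is gone.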

See Login on the Web. The same principles apply.

I used history.forward() in the header of the web page, which I didn't want to be displayed.
It is working.

Related

How can I change session when opening a URL in another tab in asp.net

I am developing a web application in asp.net. I am opening all my pages in a pop-up window. I want to expire my session or change the session value when someone copies the URL and pastes it into another tab. How can I implement it?
Please help me out.
A simple way would be to check Request.UrlReferrer. The Referrer would be empty if the user copy pastes a URL.
A couple of points you should consider before using this:
Provide exceptions for any pages that can be directly entered by the user. For e.g. the login page or a page that can be bookmarked.
I believe a pop-up can be opened from JavaScript, without a referrer. Make sure your existing code is not using this method to open a pop-up.
For a generic way to determine if the user has opened a new tab, see here
I have solved this problem by using this:
string referer = Request.ServerVariables["HTTP_REFERER"];
// No Referer header was sent with this request: send the user to the index page.
if (string.IsNullOrEmpty(referer))
{
    Response.Redirect("../Index.htm");
}

Chrome returns "Bad Request - Request Too Long" when navigating to local IIS Express

I have a web application that runs perfectly fine when I use the Visual Studio 2010 development server (Cassini). However, when I try to use IIS Express to host the site, Chrome just displays a "Bad Request - Request Too Long" error. The IIS Express site does display in other browsers (Firefox and IE9) so I'm kind of confused. The error occurs in Chrome when I try to request pages in my application or even basic resources like an image, so I don't think it is an issue with URL rewriting or routing.
Just to see if the problem was somehow a result of my site's code, I created a new MVC3 website and tried running that. This worked in the VS development server, but once again produced the "Bad Request" error when running under IIS Express.
I am about to start testing the site using some mobile devices so I need to get this running under IIS. Any suggestions would be greatly appreciated.
EDIT:
The root url of the site (http://localhost:50650/) is being requested using GET. I am currently using Chrome v12.0.742.112.
I get this all the time ONLY in Chrome and I have to clear browsing data to fix it.
Wrench > Tools > Clear Browsing Data
Check the following:
Clear browsing history
Clear download history
Empty the cache
Delete cookies and other site data
Then click "Clear Browsing Data" button and refresh your page.
UPDATE:
I figured out that it has to do with writing too many cookies to the browser and that if you just close all instances of Chrome, the error goes away for a while. To prevent it, you'll need to clear out your cookies programmatically.
Instead of clearing all the cookies, just do the following:
Right click the lock in the address bar area (see picture below)
Under cookies there is a link saying how many cookies are used
Click that link
Remove all cookies in there (or just the troublesome if you can identify them)
Problem gone
This error is caused by a corrupt cookie for the website you are trying to view, so to clear it all you need to do is clear the bad cookie(s) for that website.
In Chrome, go to...
chrome://settings/cookies
(Or manually go to Settings->Advanced Settings->Privacy->Content->All Cookies and Site data)
From there, you can search for cookies that match the site you are having problems on. Finally, click "remove all" for the matching cookies.
The problem is usually that the site in question has accumulated too many cookies or created cookies which are too large, making the HTTP headers swell beyond the allowed maximum.
One-time work-around
As has been mentioned, you can go to Settings|Advanced|Content Settings|All Cookies and Site Data, search for the site in question, and delete the cookies using the X button on the right. This reduces the header size of the HTTP request when contacting the site.
Long-term work-around
In addition to removing them one-time, however, you can prevent further problems with heavy cookie sites by going to Settings|Advanced|Content Settings|Manage Exceptions, and add the base site url (e.g. "msdn.microsoft.*" without the quotes) and select Behavior as "Clear on Exit". You might have to login more often to these sites, but this should prevent the problem.
I encountered this problem when using ADB2C login from an ASP.NET WebApp. In Firefox you can do a similar thing to delete the related cookies and the problem is gone for a while. Click on the HTTPS (i) lock icon, select the ">" button on the right, select More information, select the Security tab, click on View Cookies and click on Remove All. Done for a while.
If the above methods didn't work, then enter
chrome://settings/resetProfileSettings
and Click on Reset Settings
This will reset your startup page, new tab page, search engine, and pinned tabs. It will also disable all extensions and clear temporary data like cookies. Your bookmarks, history and saved passwords will not be cleared.

Session variable trounced by Chrome and FF

In my asp.net web application on page load I grab the current page url and store it in a session variable to track which page the user is on so they can return to it if they enter an admin area, do some navigating around etc. They can then click the return button and will be taken to the page they were on before entering the admin.
This all works in IE8; however in FF and Chrome when in the admin the return link redirects to the custom 404 page I have for the web app.
For testing purposes I added the code I wrote below in with my page load event:
Response.Write((string)Session["navurl"]);// displays "http://somedomain.com/customerror/default.aspx"
Session["navurl"] = currentUrl;//ex. currentUrl = "http://somedomain.com/contact/"
Response.Write((string)Session["navurl"]);//ex. currentUrl = "http://somedomain.com/contact/"
Again this works without a problem in IE, but in FF and Chrome on page load the session variable displays the 404 page link and after setting it displays the correct link. I used fiddler to see what was going on and Chrome is throwing a 404 in the GET header for the favicon.ico file, which I am not using in this web app.
I added the favicon file and the link in the head of the site.master file and Chrome and FF now work fine; I'm still not sure why this is happening. Anyone have any ideas why or how my Session variable is getting overwritten by Chrome or FF?
As a side note I have stepped thru the process debugging and currentUrl is the proper url.
Well, if you are using the .NET handler to serve all pages (i.e. all file extensions), then it makes sense that when your browser makes a request for favicon.ico (google to understand what this is), the server fails to find it, and it redirects to a 404. Which in turn modifies the Session variable as "the last page served": 404.
Now when you render your admin page, and query the Session for "the last page served", what do you get? "404".
I'd suggest checking the URL to see if it refers to a user-navigable page before storing it in session:
if (IsAUserPage(currentUrl))
    Session["navurl"] = currentUrl;
When you access your admin, are you preserving your session? Using Fiddler have you seen another request for your page? Look for image tags with src="", or iframes.
You must set the Session var on every front end page, but you must never set it on the admin pages, only get it to build the "Back" link. If you are using Global.asax events, take care to avoid changing the var when serving admin pages.
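One way to write the `IsAUserPage` check suggested in the answers above, as an added example that is not the posters' code. The class name `NavTracker`, the `Remember` helper and the `/admin/` prefix are assumptions; `/customerror/` and the `navurl` key come from the question.

```csharp
using System;
using System.IO;
using System.Web;

public static class NavTracker
{
    // Assumed site layout: "/customerror/" appears in the question's URL,
    // "/admin/" is a hypothetical prefix for the admin area.
    private static readonly string[] ExcludedPrefixes = { "/admin/", "/customerror/" };

    public static bool IsAUserPage(string currentUrl)
    {
        Uri uri;
        if (!Uri.TryCreate(currentUrl, UriKind.Absolute, out uri))
            return false;

        string path = uri.AbsolutePath;

        // Requests the browser makes on its own (/favicon.ico, images, scripts)
        // carry an extension other than .aspx and are never navigation targets.
        string extension = Path.GetExtension(path);
        if (extension.Length > 0 &&
            !extension.Equals(".aspx", StringComparison.OrdinalIgnoreCase))
            return false;

        // Error pages and admin pages must not overwrite the stored return URL.
        foreach (string prefix in ExcludedPrefixes)
        {
            if (path.StartsWith(prefix, StringComparison.OrdinalIgnoreCase))
                return false;
        }
        return true;
    }

    // Call on every request, e.g. from Page_Load or a Global.asax event.
    public static void Remember(HttpContext context)
    {
        if (context.Session == null) return;             // handler without session state
        if (context.Request.HttpMethod != "GET") return; // postbacks are not navigation

        string url = context.Request.Url.AbsoluteUri;
        if (IsAUserPage(url))
            context.Session["navurl"] = url;
    }
}
```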

Authentication Signout and back button asp .net

I have a problem in my asp.net pages.
We are using form authentication. Once the page is signed out I am able to go back to the previous page. This is due to pages cached in the browser.
So I disabled the cache. But this has its own drawbacks.
If the user is logged in he will not be able to navigate to the previous page using the back button since no cache is available in the browser.
If I have a file download in the page it won't work since the cache is disabled.
Even the history.back javascript function is also not the correct solution.
What is a permanent solution for this problem? I have faced with this all the time and never found a consistent solution.
Can anyone suggest a possible solution for this?
Thanks
SNA
You shouldn't need to disable caching. If you invalidate their session or authticket, you should be able to detect if they are signed out or not, in which case you can redirect them. This link may be helpful. If you are really concerned with the back button, try clearing the client's history via javascript after you log them out.
EDIT
Check out This Link. It goes in depth on some of the different approaches. I don't think there is a sure fire way of keeping users from looking at previously downloaded content, but there are a few things you can do to make it difficult.

ASP.Net Context.User.Identity weirdness

I have an ASP.Net 3.0 SP1 app that uses Form Authentication.
While testing, I noticed that if I viewed a page that another user was viewing, the other user's name would be displayed in the control on my master page. The Context.User.Identity is also for the other user.
If I switch to a different page that no one else is viewing, the Context.User.Identity is correct.
I'm stumped and would appreciate suggestions.
Thanks in advance.
Chris
Maybe because output caching is enabled for the page: if the page is cached server-side with VaryByParam=none, all users will get the same copy from the cache.
I can only think of two things that can cause this:
You're storing user-specific data in a place shared between requests (e.g. in a static(C#)/shared(VB) variable, in the ASP.NET Cache, in the Application object, ...)
You have output caching enabled.
Check for:
OutputCache directives in your aspx and ascx files,
system.web/caching element in your web.config file(s),
Calls to the HttpCacheability.SetCacheability method.
If you can't find the problem:
Try creating a simplified version of your application until you get the simplest possible version that still reproduces the undesirable behaviour.
During this process of simplification you'll likely discover the problem for yourself. If not, post some code from the simplified version.
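An added example, not from the original answers, of the output-caching cause listed above: a page cached with `VaryByParam="none"` is served to every user, and varying the cache per user (or excluding the page from server caching) keeps one user's rendered name from reaching another. The custom key `user` and the class name `UserSpecificPage` are assumptions.

```csharp
// Risky page directive: one cached copy, including the rendered user name,
// is served to every visitor for 60 seconds.
//   <%@ OutputCache Duration="60" VaryByParam="none" %>
//
// Corrected directive: a separate cached copy per user (key name "user" is assumed).
//   <%@ OutputCache Duration="60" VaryByParam="none" VaryByCustom="user" %>

using System;
using System.Web;
using System.Web.UI;

// Global.asax.cs
public class Global : HttpApplication
{
    // Called by the output cache for pages that declare VaryByCustom.
    // The returned string becomes part of the cache key.
    public override string GetVaryByCustomString(HttpContext context, string custom)
    {
        if (string.Equals(custom, "user", StringComparison.OrdinalIgnoreCase))
        {
            // One entry per authenticated user; anonymous visitors share one.
            return context.Request.IsAuthenticated
                ? "user:" + context.User.Identity.Name
                : "anonymous";
        }
        return base.GetVaryByCustomString(context, custom);
    }
}

// Alternative for pages that render per-user data and should never be
// stored in the server's output cache at all (hypothetical base class).
public class UserSpecificPage : Page
{
    protected override void OnInit(EventArgs e)
    {
        base.OnInit(e);
        Response.Cache.SetNoServerCaching();
        Response.Cache.SetCacheability(HttpCacheability.NoCache);
    }
}
```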
Make sure you are not using a link that comes with the authentication ticket when using a cookieless browser.
Also make sure to review any other that might be sharing the data among requests. Just like DOK said, but remember Application isn't the only way you could be doing that.
It looks like the issue was caused because I was setting targetframe="_self" or Target="_self". I removed all these and everything seems to be working fine.
One other note: If I were to refresh the page it would also display the page with the correct user.
