Try this i find this best way to prevent back. Got this solution in codeproject.
clean the session value while logout with those common methods.
Session.Abandon();
Session.Clear();
Session.RemoveAll();
System.Web.Security.FormsAuthentication.SignOut();
Response.Redirect("frmLogin.aspx", false);
On ASPX page, I use the Jquery with JSON and check the Session value with LogoutCheck() WebMethod.
<script type="text/javascript">
$(document).ready(function () {
CheckingSeassion();
});
function CheckingSeassion() {
$.ajax({
type: "POST",
url: "frmLogout.aspx/LogoutCheck",
data: "{}",
contentType: "application/json; charset=utf-8",
dataType: "json",
success: function (response) {
if (response.d == 0) {
window.location = '<%= BaseURL %>' + "frmLogin.aspx";
}
},
failure: function (msg) {
alert(msg);
}
});
}
The LogoutCheck() WebMethod checks the session value from application server on client side loading moment.
I created this method on frmLogout.aspx page like this:
[WebMethod]
public static int LogoutCheck()
{
if (HttpContext.Current.Session["user"] == null)
{
return 0;
}
return 1;
}
Now, when user logs out the page, it redirects to logout page and clears and abandons the session values. Now when user clicks back button of browser, the client side only loads and in that period the CheckingSession() WebMethod fires in JQuery and it checks the session value LogoutCheck() WebMethod. As the session is null, the method returns zero and the page redirects again in login page. So, I don't have to clear the cache or clear any history of user's browser.