0

I have a form where users enter input. I want to prevent a different person from going back using the back button, and seeing what the first person entered.

I realize this is a problem only on the same browser etc. but that might be a problem sometimes.

I tried both Server.Transfer() and Response.Redirect() but both don't prevent it. I also tried setting the textboxes' (asp:TextBox) Text to empty in the event handler for the submit button in codebehind, but it still didn't work since the transfer overrode that.

The technology it WebForms. This is a given. I'm doing everything in codebehind, and would prefer solving this from there as well, if possible.

ispiro
  • 23,513
  • 30
  • 116
  • 236
  • _"I also tried making the textboxes' Text to empty, but it still didn't work since the transfer overrode that."_ - How exactly did you do that? I would've tried using Javascript on the previous page and subscribed to the [`window.onbeforeunload` event](https://developer.mozilla.org/en-US/docs/Web/API/WindowEventHandlers/onbeforeunload), making it clear all the sensitive information. – Visual Vincent Apr 03 '19 at 20:52
  • @VisualVincent I did that on the button submit event handler in codebehind. – ispiro Apr 03 '19 at 20:56
  • Ah. Well yes then it's likely too late. It should be done on the frontend before leaving the page. – Visual Vincent Apr 03 '19 at 21:04
  • 1
    I'd suggest a combination of https://stackoverflow.com/questions/2699284/make-page-to-tell-browser-not-to-cache-preserve-input-values and `` on the page itself. – mjwills Apr 03 '19 at 21:40

1 Answers1

1

Clearing the data from the backend (codebehind) will be too late as the redirect will, as you say, happen before the change occurs.

Instead I suggest you use Javascript on the frontend, subscribe to the window.onbeforeunload event and use that to clear your page before the redirect takes place.

An example implementation can look like:

window.addEventListener("beforeunload", function() {
    var inputs = document.getElementsByTagName("input");

    //Iterate all <input> elements on the page.
    for(var i = 0; i < inputs.length; i++) {
        var input = inputs[i];

        //Ignore all elements that don't have type="text" or type="password" (we don't want to clear buttons, etc.).
        if(["text", "password"].indexOf(input.type.toLowerCase()) < 0) { continue; }

        //Clear the element's value.
        input.value = "";
    }
});

I gave it a brief test: Right before redirecting you'll notice the text boxes being cleared, and when you return by pressing the Back button the text boxes are still empty.

Visual Vincent
  • 17,424
  • 5
  • 24
  • 66