Hello All,

I have a logout button on my website that is coded

<INPUT id=but1 name=but1 type=button onClick="self.location.href='logout.asp'" value="Logout"


When the user clicks it it takes them to the logout page. Well, on the logout page I have

SESSION.ABANDON

in the code. However, once the user clicks the back button, it simply takes them back to the protected page. Is there coding that will prevent this from happening. Once the user logs out, I don't want them to be able to click back again and view the pages they had to be logged in to see.

I've googled this, and I can't seem to find anything that will work.

Have a cookie to identify whether someone is authenticated and then in your session end (global.asa?) code, clear the cookie value. Ensure that on each page you check for the cookies existence.

I'm fairly new at this, so bear with me. Where would this code be inserted? Any examples of what It looks like? Thanks for your help

Ignore what I said about cookies, you can probably get away with nothing but session variables.

Read more about them here: ASP Session object

I really can't find anything that makes sense to me. Once the user clicks logout, I want the session to clear and if they hit the back button they cannot see the page they were logged in on without having to log in agian. My code looks like this, where would I insert code to prevent them from hitting the back button and seeing the page they were just on?

I am using front page. Thanks !!

CODE:

<%@ Language="VBScript" %>
<% Option Explicit %>


<%



If Session("username") <> "TOL" Then Response.Redirect("../login_db_nav.asp")



%>





<html>
<head>
<meta http-equiv="expires" content="0" />

<INPUT id=but1 name=but1 type=button onClick="self.location.href='logout.asp'" value="Logout"

After successful login:
On every "secure" page
On log out: