Security in asp .net

I have a query related to Login in ASP .NET website. When a user logs into system, his interface opens. But, when I click back from menu, it goes to Login page again. That is fine. But, when I click Forward from menu it opens 开发者_开发百科User's interface back. This should not happen, it should ask to login again. I wrote Session.Remove(), but still it is not working..

Assuming you're using FormsAuthentication...

To sign a user out, you don't abandon the session, you use FormsAuthentication.SignOut()

To get the desired behavior, put this in the Page_Load event of your login page.

Also, you'll want to ensure that your login page is not cached, otherwise this may not run when the user clicks the "Back" button. http://msdn.microsoft.com/en-us/library/system.web.httpresponse.cache.aspx

When you say back from menu you don't mean the "back" button on the browser do you?

If not try:-

Session.Abandon();

Also are you setting any authentication tickets? If so you will need to clear these as well.