Deleting History pages in ASP.net

How to delete the history pages in ASP.net? In my application when the user logs out, i delete the session variables and expire the cookie(aspxauth and asp_net_sessionId) but however when user clicks on the back button of the browser, user could still see the pages with all the user information on it.开发者_运维知识库 However the page cannot interact the server as sessions are not available but expired pages contain demographic information which is an harmful scenario for Security issues. Any help appreciated.

You can't as far as I know. You can, however disable caching on the page which should give you the desired result. When the user clicks back, instead of showing the cached page, the page should get pulled again. And if you have your site setup right, it should redirect them to a login page.

If this is secure data, you should be serving it up HTTPS which will not cache it anyway. You could also try

response.Headers.Add("pragma", "no-cache");
response.Headers.Add("Cache-control", "no-cache, no-store, must-revalidate");
response.Headers.Add("Expires", "01 Apr 1995 01:10:10 GMT");

to get the page to expire immediately.

History pages are a browser, client-side feature, not server side. So you cannot remove than using ASP.NET and C#.

You could create a javascript, client-side code that would remove history, but I do not think this is good design. Maybe this is your only choice, but from a user standpoint I would find annoying to not be able to access browser history.

I guess you should think of a different strategy, like avoiding caching pages.