How not to allow the user to access the previous login/registration page after logging in or registering

Question

How not to allow the user to access the previous login/registration page after logging in or registering

Asked 7 years, 4 months ago

Viewed 901 times

1

I am developing an ASP.NET application and when the user logs in and clicks on the browser button to go back he can access the login/registration page, even if I check the logged-in user’s key on Session. Follow the prints:
1 - Fiz login

2 - I am logged in, the site redirects me to the index and I click the back button.

3 - After that I go back to the registration/login screen which can not happen:

After photo 3, if I go back to index, I log in normally, to prevent this I did a check in the controller checking whether the user is logged in or not, if yes it goes back to index, but when the user clicks back it looks like the browser that does this control. I’ve seen sites that don’t allow you to go back to the login screen, does anyone know how to fix it? Follow the check in the controller:

    public ActionResult LoginRegister()
    {
        if (Session["UserStatus"] != null)
        {
            return RedirectToAction("Index", "Home");
        }

        return View();

    }

    [HttpPost]
    public ActionResult LoginRegister(string fr,string t,string ReT)
    {
        if (Session["UserStatus"] != null)
        {
            return RedirectToAction("Index", "Home");
        }
        //Validação e outros processos.
    }

2 answers

1

Just add in the login page builder to not store cache, I believe this solves your problem.

For . net 4x.

[OutputCache(NoStore = true, Duration = 0)]
public ActionResult LoginRegister()
    {
        if (Session["UserStatus"] != null)
        {
            return RedirectToAction("Index", "Home");
        }

        return View();

    }

For . net core use:

[ResponseCache(NoStore = true, Duration = 0)]
 public ActionResult LoginRegister()
        {
            if (Session["UserStatus"] != null)
            {
                return RedirectToAction("Index", "Home");
            }

            return View();

        }

Browser other questions tagged c# asp.net-mvc

You are not signed in. Login or sign up in order to post.

by Cassio Alves • **1,033** points · Answer 1 · 2017-06-20T19:36:27+00:00

Use the Actionfilterattribute

First create a Loginfiltro class (for example):

public class LoginFiltro : ActionFilterAttribute
{
    public override void OnActionExecuting(ActionExecutingContext filterContext)
    {
        object usuarioLogado = filterContext.HttpContext.Session["Nome"];

        if (usuarioLogado == null)
        {
            filterContext.Result = new RedirectToRouteResult(
                      new RouteValueDictionary(
                          new { action = "Index", controller = "Login" }));
        }
    }
}

which checks whether the user is logged in or not. Otherwise, the user will be redirected to the Controller Login.

No Controller

Then "decorate" the controllers you want to have this login control with:

[LoginFiltro]

above the Controller name.