Load event

[norminator]

I have a big problem guys in asp.net, i need the code in the load event on a page to trigger everytime its loaded. The problem is for example i have a user called nas, and nas logs in and chooses to view his information, when he logs out and a different user say chris when he selects to view his information he sees nas's information. This occurs because the code that does all the binding is on the load event of the page. And because the page was already called instead of it running the code again it receives the page from cache. Now the question is: Is their any way to prevent this from happening and cuz the code on the load event to run again?

Need urgent help!

[psybuck2002us]

Provide some code so we can have a better understanding of how you implementing this. If you are using forms authentication, you should not be having this problem.

[icymint3]

you can configure caching to work with parameters, or using page directives... i dont remember it exactly but you can consult any asp.net book, it should be in the first few (overview) pages.

maybe i'll find it tomorrow and tell you, if no one else helps out by then.

[ToxXxic]

This occurs because the code that does all the binding is on the load event of the page. And because the page was already called instead of it running the code again it receives the page from cache. Now the question is: Is their any way to prevent this from happening and cuz the code on the load event to run again?

Need urgent help!

This code will prevent IE browsers from caching:

Response.CacheControl = "no-cache"
Response.AddHeader "Pragma", "no-cache"
Response.Expires = -1

OR

Response.Cache.SetCacheability(HttpCacheability.No Cache)


This code will prevent All browsers from caching:

Response.ClearHeaders()
Response.AppendHeader("Cache-Control", "no-cache")
Response.AppendHeader("Cache-Control", "private")
Response.AppendHeader("Cache-Control", "no-store")
Response.AppendHeader("Cache-Control", "must-revalidate")
Response.AppendHeader("Cache-Control", "max-stale=0")
Response.AppendHeader("Cache-Control", "post-check=0")
Response.AppendHeader("Cache-Control", "pre-check=0")
Response.AppendHeader("Pragma", "no-cache")
Response.AppendHeader("Keep-Alive", "timeout=3, max=993")
Response.AppendHeader("Expires", "Mon, 26 Jul 1997 05:00:00 GMT")

However, are you sure that your site is secure enough? If a user logs out then clicks "BACK" does he get back into your app or is he prevented? If a user refreshes a page is he allowed to do multiple sql transactions where he should only be allowed to do one? If so you might want to check this out: http://aspalliance.com/687#Page2

This javascript will prevent a user from going back to a particular page :
<SCRIPT LANGUAGE="JavaScript" TYPE="text/javascript">
<!--
window.history.forward(1);
//-->
</SCRIPT>

Here is how I implemented it in Asp.net:
Embed the following scripts in the HTML in the login.aspx and logout.aspx webforms
1) I put this javascript on the login page
<script language="Javascript">
<!--
javascript:window.history.forward(1);
//-->
</script>

2)I put this javascript on the logout page
<script language="Javascript">
<!--
javascript:window.history.forward(1);
window.location="login.aspx"//redirect to the login page immediately
//-->
</script

When the user clicks the logout button/link then the logout.aspx page redirects to the login.aspx page and both these javascripts prevents the user from going back into the app without logging in.

Javascript must be enabled in the client browser for this to work so you might want to test for that and display a message if it is not.

You may also want to clear all session variables when the user logs out and run some form of validation on each page to test if these variables are set. This will prevent the user from typing in a URL directly in the browser and retreiving someone else's data.

[norminator]

Respect to all you guys who tried to help. The code works fine! All i did was to place it on the load event and it works so far perfectly! Dont know if it will trigger some kind of error elsewhere but its a chance i have to take until then! Are there any other solutions?

[ToxXxic]

The code works fine! All i did was to place it on the load event and it works so far perfectly!

Anytime. Glad To help

[ToxXxic]

Additionally are you protected from SQL Injection? For example if a user types something like password' or '1'='1 in the password field and submitts it, will this cause him to bypass your login?

Copy and paste all that is displayed in red above, in the password textbox and try to bypass your security. Any username should work with this

[norminator]

Additionally are you protected from SQL Injection? For example if a user types something like password' or '1'='1 in the password field and submitts it, will this cause him to bypass your login?

Copy and paste all that is displayed in red above, in the password textbox and try to bypass your security. Any username should work with this

It doesnt bypass my login page, what exactly does it do?