Asp.Net中的安全漏洞 [英] Security Weakness in Asp.Net

问题描述

<小>

当我单击.net应用程序中的注销按钮，然后在浏览器中按返回按钮时，我将自动登录...
我需要解决方案...
通常，网站应询问用户名和密码.

when i Click on logout button in my .net application and then when i press back button key in browser i will be autometically sign in ...
i need solution for it...
Generally Website should ask username and password.

推荐答案

请参考以下网址，Sandeep Mewara在其中发布了有关此问题的提示.:
注销后浏览器后退按钮问题 [

refer the following url, where Sandeep Mewara has posted Tip for such issue.:
Browser back button issue after logout[^]

hope it helps.

您将需要确保登录名后面的页面(那些只能在登录后才能访问的页面)未缓存在浏览器中:

You will need to make sure the pages behind the login (those that can only be accessed after login) are not cached in the browser:

Page.Response.Cache.SetCacheability(HttpCacheability.NoCache);

如果使用表单身份验证，则还需要放弃会话并注销:

If using forms authentication, you will also need to abandon the session and logout:

Session.Abandon();
FormsAuthentication.SignOut();

浏览器后退按钮 [ ^ ]
禁用返回按钮 [如何在注销后禁用浏览器返回bottun. [ ^ ]

另一个已解决的答案:
注销后，他们是后退按钮问题 [ ^ ]

一些更有用的链接:
在ASP中注销后出现后退按钮问题. NET [如何在之后禁用浏览器的后退按钮注销 [

Browser back button[^]
Disable back button[^]

Please refer a good answer on same question:
How to disable browser back bottun after logout.[^]

Another solved answer:
After Logout Their is Back Button Problem[^]

Some more useful links:
Back Button issue after Logout in ASP.NET[^]
How to disable back button of the browser after logout[^]

在单击注销按钮时，删除所有会话(Session.Abandon()).并在每个页面上检查特定会话(创建通用函数)是否为null，然后重定向到默认错误页面.

我给你链接k希望能提供更多帮助

ASP.NET Web应用程序安全性审查:请执行&不要 [ ^ ]

on clicking of logout button remove all the sessions (Session.Abandon()). and on every page check a particular session (create a common functiion) if it is null than redirect to your default error page.

and i give u link k hope it will more help

ASP.NET web application security review: Do''s & Don''ts[^]

这篇关于Asp.Net中的安全漏洞的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！