I tried this method by putting it in my login.cshtml but it doesnt work there at all. Then I tried putting it in my _Layout.cshtml but then it does it's job while affecting the entire website (as expected). Any tips on where I should put or how I should manipulate the code?

here it is here:

function preventBack() { window.history.forward(); }
    setTimeout("preventBack()", 0);

I tried this method by putting it in my login.cshtml but it doesnt work there at all. Then I tried putting it in my _Layout.cshtml but then it does it's job while affecting the entire website (as expected). Any tips on where I should put or how I should manipulate the code?

here it is here:

function preventBack() { window.history.forward(); }
    setTimeout("preventBack()", 0);

• javascript
• jquery
• asp
• asp-mvc
• asp-mvc-4

• 6 disabling back/forward is horrible from a user experience perspective. what if someone DOESN'T want to log in and landed on the login page accidentally? – Marc B Commented Dec 10, 2014 at 14:10
• @MarcB what do you propose then? I have this problem in mvc, where when I log out (and clear sessions) you can click back in the browser and see sensitive information. – Vrankela Commented Dec 10, 2014 at 14:16
• 3 that's a browser cache problem... if it's sensitive, then output the page with no-cache headers. – Marc B Commented Dec 10, 2014 at 14:21
• 1 @Vrankela This is an example of an XY Problem. Your goal was to prevent someone from seeing sensitive data, but you wanted to do that by disabling the back button. What you should have asked from the beginning was "how do I prevent people from accessing sensitive cached information after logging out?" – mason Commented Dec 11, 2014 at 16:49
• @mason I'm going to listen to your advice, should I post a new question or edit the existing one? – Vrankela Commented Dec 12, 2014 at 8:43

2 Answers 2

I recently used this in an MVC project. Maybe you can put it on the page that the login redirects to.

//kill all back button functionality
function noBack() { window.history.forward() }
noBack();
window.onload = noBack;
window.onpageshow = function(evt) { if (evt.persisted) noBack() }
window.onunload = function() { void (0) }

Do be careful though if you are using this for security reasons, as Javascript is not the most ideal solution to handle secure logic within a site. It is easy to get around since the Javascript code is executed on the clients PC and/or it can be disabled by the browser.

You can put it in the layout but active it only if your on the login page :

 if(window.location.href.toLowerCase().indexOf("login") > -1)
 {
     function preventBack() { window.history.forward(); }
     setTimeout("preventBack()", 0);
 }