Disable Browser Back Button

In this quick code you will learn how to disable browser back button. As this is a client side solution, I would never suggest to use when it comes to confidential websites like banking sector.

Use following code on the page which you don't want to display when user comes by clicking back button.

<script type="text/javascript">
    function stopBack() { window.history.forward(); }
    setTimeout("stopBack()", 0);
    window.onunload = function () { null };
</script>

Let’s assume you have 2 pages Default.aspx and About.aspx, put above code on Default.aspx page and then click on a link which takes you to About.aspx page, then try to click back button. You will notice back button not working to take you back on Default.aspx page.

If you want this functionality to work on entire website then place above code in separate .js file and reference it in MasterPage in ASP.NET applications or place reference on each single html pages.

When security is concern

If security is main concern I would suggest to implement following approach. I have seen for doing this is to pass a token on every URL within the application, and within every form. The token is regenerated on every page, and once the user loads a new page any tokens from previous pages are invalidated.

The online banking application my bank provides is like this. If you use the back button at all, it terminates the session entirely and redirects you to login page.

Hope this helps.

Comments

Popular posts from this blog

Migrating database from ASP.NET Identity to ASP.NET Core Identity

Customize User's Profile in ASP.NET Identity System