A web browser's back button is essential for users to navigate across different web sites and web pages. However, for certain data sensitive web applications, using a web browser's back button can have unexpected and undesirable results. With poor planning, it could even crash a web site.
You developed a web survey for users to complete. Once the survey is submitted, the response is recorded in a database with a pre-coded caseID. Now, suppose a user just submitted his survey, then for some reason, he hit the browser's back button. Then, with or without making any changes, he submitted the survey again. Here, you ended up with two records (duplicate or not) with the same caseID. If the caseID is set to be unique, the user would get an error message.
In fact, the back button problem has pestered programmers for so long and caused so many headaches that across the net there is a flurry of questions, such as "How do I disable a browser's back button?".
This code snippet basically directs the page in concern to expire immediately once it is posted and set the page to cache none of its content. In ASP .NET, you can do something similar to disable browser page caching, like the following:
You can place the code in the page_load event. Ideally, the code should be executed whenever the page is loaded. And, whenever a user tries to go back to the page, he/she should get a "Page has Expired" warning.
However, some browsers may ignore the page cache settings and some users may still get away with submitting a form multiple times. This leads us to a second, more reliable solution: the timestamp solution. You should always use this solution while also adding the response caching instructions to the Page_Load procedure.
protected void Page_Load(object sender, EventArgs e)
Session("TimeStamp") = Now.ToString;
ViewState("TimeStamp") = Now.ToString;
//your own function here
private boolean isPageExpired()
if (Session("TimeStamp") == null ||
ViewState("TimeStamp") == null)
else if (Session("TimeStamp") == ViewState("TimeStamp"))
The code is pretty self-explanatory. Whenever a page is loaded, it checks whether it is a resubmitted one by calling the isPageExpired function. If the function returns true, it redirects the page to the page-expired response; if not, it sets two timestamps: one saved in session state, the other view state.
The isPageExpired function compares the timestamp saved in session state and the timestamp in viewstate. If they are different, the user has submitted a form from cache; then, the page directs them to the Page-expired response.