I have seen solutions that do not show the Back button. (basically opening another instance of the browser, which hasn't got the nav bar).
But I have never seen one that disables
Alt + Back combo :)
Even if somebody does, I think this is a very shallow hack, I am curious as to how to make the browser nav bar transmit calls to the loaded program (the web page and its javascript), insted of doing the obvious.
Waiting for the solution to come ...

Why do you want to keep the user from clicking the back button?

Is it because you want to keep them from re-posting data? If that's the case, an alternative would be to use session variables to set a flag for when a page has been posted.

Here's a solution to trap a browser refresh. Perhaps it would work, or could be modified for your purposes. http://msdn.microsoft.com/asp.net/archive/default.aspx?pull=/library/en-us/dnvs05/html/bedrockaspnet.asp#bedrockas_topic2

Jason, I can't explain the reasoning, due to the nature of the application, all I can say is that I have a real need to prevent the user from using the back button, and that a session flag will not solve the problem, in my case.

Robin, I read that article a few months ago and thought about how to take something along the lines of what Dino talks about and implement it, but didn't come up with anything solid, yet :) The thing is, you can't capture a "back" event, and that is what we really need to be able to do. To the server, there is no differenc in clicking the back button, or just typeing the previous URL into the address locator and clicking "go". Its all client side.

i huh

Why not:

void Button1_Click(...)
{
// do work...
Response.Redirect(Request.Path);
}

This is how I prevent naive uses from reposting. The message the browser tends to present to them is quite useless in making them understand the ramifications. So, remove the possibility from the equation. Now, this certainly doesn't address the ability to hit the back button, so perhaps I'm speaking to a different problem than the one you're trying to find a solution to.

Here's my angle on the back button issue...
http://tom.gilki.org/programming/javascript/Login/

There is nothing out there that's 100% because there is no standard for browsers.

First I think it's worth stating why you might want to do this:
You might have an administration or sensitive-data section of an application (protected by authentication) and even though a security-concious authorized used has signed-out .. 2 bad things could possibly happen:
1. They could walk away and a savvy culprit could click back from their 'signed-out' page and easily read sensitive info.
2. (not common but possible) The authorized user could click back from the 'signed-out' page to read something in an edit screen - then come back after lunch and forget they are signed out, do some more editing, and then lose that work when they try to update.
3. There are probably other scenarios.

It's a legitimate need. Here's some thoughts to stimulate the solution:
Design your application to effectively do 2 page outputs for each page of the app. It would load the real response into a destination page - say with a unique key and an expiration etc.
Then initially respond with an instantaneous redirect page which pops to the actual page (you know the annoying things I'm talking about.)
The first page uses a META-REDIRECT with 0 seconds of course.
It's target is a uniquely-keyed and expiring response.

Sounds like a lot of trouble - and I am already starting to imagine security problems it might create unto itself - which could be coded around though.

Anyway that's my stab at a solution.
Expansions on this idea?

- Jim

I have a similar problem which is causing a huge headache!  There appears to be loads of discussion on the net but no actual solutions.  I can't seem to even work out an agreeable partial solution to my problem :-(

Hopefully you will be able to understand this brief description of my page functionality:
The webpage basically creates further user inputs on the same page when the user changes a dropdownlist via an autopostback onSelectionChanged event.

If the user then presses the browser back button the page is redisplayed with the users selections made, but not the new further input previously automatically triggered.  This means that the user would then have to change their selections in order to re-trigger the onSelectionChanged and hence to display the further inputs. (And then change back to their original selections to see the first generated list.)

I've played about with the cache testing both in release and debug modes (as I read somewhere that debug affects cache parameters), but all I can get it to do is the show "Page has expired" warning.

Admittedly if the user then bothers to press the refresh button my page_load handles the current user selections and redisplays the lists with the new one showing as if the onChange event had been fired, but this is not satisfactory.

Surely there must be a way of forcing the page to never cache, but rather than show expired warnings execute the page_load function?

I'm sorry Jim it may be me being thick, but I'm not sure what you mean by your suggestion, how does the page with the redirect get triggered by the back button rather than the standard warning page? - this sounds like it might work.

<%@ OutputCache Location="None" %>

You can do one thing that is not the right solution but it can adjust. Instead of navigating to the same window you just use javascript window.open() method and after executing this statement just put another statement which close the self like

self.close().

This way your back button will be disabled.

Did you try to include this within "head" ?

<script type="text/javascript">

function noBack(){window.history.forward()}

noBack();

window.onload=noBack;

window.onpageshow=function(evt){if(evt.persisted)noBack()}

window.onunload=function(){void(0)}

</script>

Nice post.... think of some alternative solution...

< script language = "JavaScript" >//back button javascript, Flash actionscript provided by Robert Penner//source@robertpenner.comfunction setPage ( newPage ) {        //check if Flash object exists        if ( window . document . mymovie ) {                //set page variable in _root timeline of Flash movie                window . document . mymovie . SetVariable ( "page" , newPage );        }}</ script

It is SOBs like you jerks that make my needs so darn difficult.  When I push the back button, I want the damn back button work!  I am not talking about security, I am talking about just plain old navigation of going back from a search page from a link I don't need.  I get so pissed at not being able to get out of a site, I will put it on my restricted page.  Ya know what? Perhaps next time I might want that page and it won't be availble.