Hi,<BR><BR>We are using a 3rd party product which has been developed using ASP. I&#039ll explain the problem,<BR><BR>1. The login page is in HTML (login.htm)<BR><BR>2. Once you click on the SUBMIT button, it takes you to the main page (lets say main.asp)<BR><BR>3. Right at the beginning of main.asp, the app creates a cookie and stores the login name and password by using the Request.Form method to retrieve the form contents and then using Response.Cookies to generate a cookie.<BR><BR>4. The same page has a logout button, which is simply a link back to "login.htm"<BR><BR>This suggests to the user that the session has been terminated. *BUT*, the user can click on the back button in the browser and everything works fine. This is because it reposts the data and get the login/password again and creates the cookie all over again.<BR><BR>How do I ensure that if the user clicks on the back button, the session is terminated?<BR><BR>You must realize, that this application uses cookies extensively for session management. It does not use the concept of ASP Sessions at all!! <BR><BR>Also, I&#039ve tried using the following code at the beginning of main.asp but to no avail,<BR><BR>Response.Buffer = true<BR>response.expires = 0<BR>response.expiresabsolute = Now() - 1<BR>response.addHeader "pragma","no-cache"<BR>response.addHeader "cache-control","private"<BR>Response.CacheControl = "no-cache"<BR><BR>This does not work, because the user can simply click on "YES" in the "Repost form data" dialog and the cookie will be generated again!! <BR><BR>From what I can tell you, the problem lies in the technique it uses to generate a cookie --&#062; It does not use any session variables, but just cookies! <BR><BR>Please do provide me with a simple and efficient answer to solving this problem.<BR><BR>Thanks a ton,<BR><BR>With Regards,<BR>Anuj