2

I was told to have this

<meta http-equiv='pragma' content='no-cache'>
<meta http-equiv='cache-control' content='no-store'>

I am not sure whether this is required or not. I used .net 4, IIS 7.5 and mvc application. The site have some security area to view sensitive content. And I believe this is not necessary for .net project.

If I was wrong on this, please correct me.

Tun
  • 824
  • 3
  • 16
  • 30

2 Answers2

0

Those tags attempt to tell the browser not to cache your page. This is generally not needed, however used in Ajax pages (as a header) to prevent browsers from caching the response.

You usually add a Expires header to prevent caching.

Rick Kuipers
  • 6,616
  • 2
  • 17
  • 37
  • but some says after authentication content data may be cached locally by the user's browser as the cache control directive set by the application is 'Private'. still confused whether this is correct or not. – Tun Jul 30 '12 at 10:45
0

Neither is added by default in IIS. If you don't want the (well behaved) client to cache the content of the page, you need those server headers (or the meta http equivalent).

More on HTTP Cache at, Header Field Definitions & Caching in HTTP

A better method in my opinion is to set them as HTTP headers as here, How do I add site-wide no-cache headers to an MVC 3 app

Community
  • 1
  • 1
M Afifi
  • 4,645
  • 2
  • 28
  • 48
  • what about if I want no cache on authentication required pages only ? – Tun Jul 30 '12 at 12:51
  • Depends how you're doing it, MVC has a number of extension methods that allow you to modify the server header fields in them. – M Afifi Jul 30 '12 at 13:16