2

I am using an MVC4 anti-forgery token created with @Html.AntiForgeryToken(). I have a problem as follows:

  1. The application opens and a login form is generated for the first time with an antiforgery token for user name of "".
  2. The login form is cached in the browser
  3. The user goes to another page
  4. User clicks the back button and goes back to the login page.
  5. Login page is displayed from cache and still has a token for user name of "".

Is there a way in MVC that I can make it so when a user clicks the back button and goes to the login page he is not presented with a cached version.

  • 1
    duplicate of http://stackoverflow.com/questions/10011780/prevent-caching-in-asp-net-mvc-3 – Kaido Jan 14 '13 at 14:16
  • It's not a duplicate. The other question relates to Ajax caching with jQuery. –  Jan 14 '13 at 14:49
  • 1
    @Melina It applies to you too. – ZippyV Jan 14 '13 at 15:24
  • This is a duplicate : ) see my answer (and others) at http://stackoverflow.com/questions/1160105/asp-net-mvc-disable-browser-cache/5546328#5546328 – Adam Tuliper Jan 14 '13 at 16:58
  • I think u should not use OutputCache for authentication user this is not best practice –  Jan 14 '13 at 15:47
  • says who? the last thing you want is a cached login form, and output cache does affect client side. There are other cache alternatives though depending on your scenario (child actions needed or not, etc) see the link I posted above) – Adam Tuliper Jan 14 '13 at 16:59
  • This is definitely a duplicate. – Chris Moschini Aug 05 '14 at 16:35

1 Answers1

0

Try this..

[OutputCache(NoStore = true, Duration = 0, VaryByParam = "*")]
public ActionResult MyAction()
{
    // do something
}
Adriano Silva
  • 2,518
  • 1
  • 17
  • 29
  • 1
    this is the cache mechanism occurs on server side. He want to disable browser's cache – phnkha Jan 14 '13 at 14:39
  • My answer was based on tests using a similar design. Using "OutputCache" the action is requested again to return to the page. – Adriano Silva Jan 14 '13 at 16:02
  • 1
    @namkha87 the output cache attribute also sends a client side cache header, it is not only server side. - see my details at http://stackoverflow.com/questions/1160105/asp-net-mvc-disable-browser-cache/5546328#5546328 – Adam Tuliper Jan 14 '13 at 16:57
  • @Adam Tuliper: you saved me from a misunderstanding. Thanks a lot! – phnkha Jan 14 '13 at 17:20