7

As new in asp.net. In my asp.net application in membership in log off on click event using function ClearSession(), but problem arises after log off if i click back button on browser it is forwarding to the cached page. How to clear cache in browser so a user could not view its profile if he is not login

protected void ClearSession()
{
    FormsAuthentication.SignOut();
    Session.Clear();
    Response.Cache.SetCacheability(HttpCacheability.NoCache);
    Response.ExpiresAbsolute = DateTime.UtcNow.AddDays(-1d);
    Response.Expires = -1500;
    Response.CacheControl = "no-Cache";
}
Xaruth
  • 4,034
  • 3
  • 19
  • 26
Hassaan
  • 3,931
  • 11
  • 34
  • 67
  • [Browser back button issue after logout](http://www.codeproject.com/Tips/135121/Browser-back-button-issue-after-logout) – Win Mar 10 '14 at 16:47
  • 1
    Note that you can't "clear browser cache" from either server of client portion of your page and you can't configure browser's behavior (you can advice browser about caching but not force). So if you are concerned about pages staying on user's machine you are really out of luck. – Alexei Levenkov Mar 10 '14 at 16:49
  • Possible duplicate of [Making sure a web page is not cached, across all browsers](http://stackoverflow.com/questions/49547/making-sure-a-web-page-is-not-cached-across-all-browsers) – BalusC Jan 04 '16 at 11:54

2 Answers2

10

I think you are almost there. You need more HTML headers to support all browsers. According to this article on SO these are the ones that work on all browsers:

Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: 0

The full code for this is:

HttpContext.Current.Response.AddHeader("Cache-Control", "no-cache, no-store, must-revalidate");
HttpContext.Current.Response.AddHeader("Pragma", "no-cache");
HttpContext.Current.Response.AddHeader("Expires", "0");
Community
  • 1
  • 1
Patrick Hofman
  • 153,850
  • 22
  • 249
  • 325
0
response.setHeader("Cache-Control", "no-cache, no-store, must-revalidate");
response.setHeader("Pragma", "no-cache"); 
response.setDateHeader("Expires", 0);

These header will only work on pages on which they are included not for all the web application, so either you should add filter which include this header to all pages or you can disable back button.

humanshu
  • 139
  • 1
  • 6