3

I have seen lot of questions almost similar to this. But, I haven't found an answer that will fix my problem.

I have a logout button and I used Session.Abandon() and Session.Clear() to clear the session. It works fine. But, whenever I hit the back button on browser the page is still showing. But, it's supposed to show the login form because the user already logged out.

Controller:

[HttpPost]
public ActionResult LogOut()
{
     Session.Clear();
     Session.Abandon();
     return RedirectToAction("Index", "LogIn");
}

How to fix this?.Any suggestion is highly appreciated. Thanks in advance.

Soner Gönül
  • 97,193
  • 102
  • 206
  • 364
user3462803
  • 170
  • 1
  • 2
  • 10
  • Are you using the `Authorize` attribute to check for authorization in your Actions? http://msdn.microsoft.com/en-us/library/system.web.mvc.authorizeattribute.aspx – juanreyesv Apr 02 '14 at 06:12
  • @juanreyesv: No, I check it this way: try { connect = connection.getConnection(); model = new Models.Entities(connect); connect.Open(); connect.Close(); } catch { return RedirectToAction("Index", "LogIn"); } . What should be done instead of doing this?Thanks. – user3462803 Apr 02 '14 at 06:19

3 Answers3

9

You can set NoCache in global.asax

protected void Application_BeginRequest()
{
    Response.Cache.SetCacheability(HttpCacheability.NoCache);
    Response.Cache.SetExpires(DateTime.UtcNow.AddHours(-1));
    Response.Cache.SetNoStore();
}
Ashwini Verma
  • 7,477
  • 6
  • 36
  • 56
0

You can set it to "ServerAndNoCache" to force browser not to cache the page instead server to cache the page so there are no extra load on the server.

Aniket Ahmed
  • 1
0

There is another thread where I got the answer for this Prevent Caching in ASP.NET MVC for specific actions using an attribute

My solution (.Net 6 MVC) was the one below:

using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Mvc.Filters;
using System;

namespace YourSolutionName.Web.Mvc.Controllers.Attributes
{
    [AttributeUsage(AttributeTargets.Class | AttributeTargets.Method)]
    public sealed class NoCacheAttribute : ActionFilterAttribute
    {
        public override void OnResultExecuting(ResultExecutingContext filterContext)
        {
            filterContext.HttpContext.Response.GetTypedHeaders().CacheControl =
                    new Microsoft.Net.Http.Headers.CacheControlHeaderValue()
                    {
                        NoStore = true,
                        NoCache = true,
                    };

            base.OnResultExecuting(filterContext);
        }
    }
}

And then adding the [NoCache] to the controllers I wanted.

I choose this because it provided a finer control over where I wanted to disable the caching, but if you would like to do it for the whole solution, it ca be done with middleware (on Startup.cs) https://learn.microsoft.com/en-us/aspnet/core/performance/caching/middleware?view=aspnetcore-7.0

            app.UseResponseCaching();
            app.Use(async (context, next) =>
            {
                context.Response.GetTypedHeaders().CacheControl =
                    new Microsoft.Net.Http.Headers.CacheControlHeaderValue()
                    {
                        NoStore = true,
                        NoCache = true,
                    };

                await next();
            });
Leire
  • 1
  • 1