ASP.NET MVC logout and back button

Question

I have an application in ASP.NET MVC written in C# in which the user login. Then comes a screen where you see your stuff and have the logout button (cerrar sesión). The login and logout button works but the problem is in the back button that when I press it you see the following:

Then I press F5:

And when pressing continue, the logged-in user page will reload:

In other words, when you go back, you see that blank page for the form to be sent again and when you press continue, the user's view is displayed again. Is there a way to avoid it? Currently my code is this in controller:

public ActionResult Index()
{
    Response.AppendHeader("Cache-Control", "no-store");
    return View();
}

[OutputCache(NoStore = true, Duration = 0, Location = OutputCacheLocation.None)]
public ActionResult Login(string uname, string psw)
{
    Response.AppendHeader("Cache-Control", "no-store");

    try
    {
        ConexionSQL sql = new ConexionSQL();
        var caracteres = Convert.ToString(psw);
        var usuario = sql.login(uname, psw);

        if (caracteres == "" || caracteres == null || caracteres.Equals(""))
        {
            ViewBag.Alert = "Ingrese contraseña.";
        }

        if (usuario.Count <= 0)
        {
            ViewBag.MensajeUsuario = "El usuario es inexistente.";
        }
        else if (usuario[0].nivel == 0
                 || usuario[0].nivel == 1
                 || usuario[0].nivel == 2
                 || usuario[0].nivel == 7)
        {
            return View("Login1", usuario);
        }
        else if (usuario[0].nivel == 3
                 || usuario[0].nivel == 4
                 || usuario[0].nivel == 16)
        {
            return View("Login2");
        }
        else 
        {
            return View("Index");
        }
    }
    catch (SqlException ex)
    {
        throw ex;
    }

    return View("");
}

[HttpPost]
[ValidateAntiForgeryToken]
public ActionResult LogOff()
{
    Response.AppendHeader("Cache-Control", "no-store");
    Response.Cache.SetCacheability(HttpCacheability.NoCache);
    Response.Cache.SetExpires(DateTime.Now.AddSeconds(-1));
    Response.Cache.SetNoStore();

    Session.Clear();

    FormsAuthentication.SignOut();
    //return View("Index");
    return RedirectToAction("Index", "Home");
}

And this is the code of the view where the logout button (cerrar sesión) is located:

@model IEnumerable<ProvidusHomeWeb.Models.Usuarios>

<!DOCTYPE html>

<html>
<head>
    <meta name="viewport" content="width=device-width" />
    <meta charset="utf-8">
    <title>Providus</title>
</head>
<body>

    @* Navigation Bar *@

    <div class="topnav">
        <a href="javascript:ruta()">Home</a>
        @using (Html.BeginForm("LogOff", "Home", FormMethod.Post, new { role = "form" }))
        {
            @Html.AntiForgeryToken()
            <button onclick="document.getElementById('id01').style.display='block'" style="width:auto;">Cerrar sesión</button>
        }
        @foreach (var item in Model)
        {
            <label>Bienvenida/o:  @Html.DisplayFor(modelitem => item.usuario)</label>
        }
    </div>
</body>
</html>

And this is the index view where the login form is:

<!DOCTYPE html>

<html>
<head>
    <meta charset="UTF-8">
    <meta name="viewport" content="width=device-width" />

    <title>Providus</title>

</head>
<body>

    @* Navigation Bar *@
    <div class="topnav">
        <a href="javascript:ruta()">Home</a>
        <div class="login-container">
            <button onclick="document.getElementById('id01').style.display='block'" style="width:auto;">Login</button>
        </div>
    </div>

    <div id="id01" class="modal">
        <form class="modal-content animate" onsubmit="return control()" method="post" action="@Url.Action("Login", "Home")">
            <div class="imgcontainer">
                <span onclick="document.getElementById('id01').style.display='none'" class="close" title="Close Modal">&times;</span>
                <img src="~/Images/00.png" alt="Avatar" class="avatar">
            </div>

            <div class="container">
                <label for="uname"><b>Usuario:</b></label>
                <input type="text" id="uname" placeholder="Ingrese usuario..." name="uname" onkeypress="return soloLetras(event)">

                <label for="psw"><b>Contraseña:</b></label>
                <input type="password" placeholder="Ingrese contraseña..." id="psw" name="psw" onkeypress="return soloNumeros(event)">

                <button type="submit">Iniciar sesión</button>
            </div>
        </form>
    </div>

    <center><img class="img" src="~/Images/00.png" /></center>
    <center><p>Bienvenida/o, por favor inicie sesión.</p></center>

    <script>
        function control() {
            if (document.getElementById('uname').value == null
                || document.getElementById('uname').value == "") {
                alert("El campo no puede estar vacío.");
                document.getElementById('uname').focus();
                return false;
            }
            else if (document.getElementById('psw').value == null || document.getElementById('psw').value == "") {
                alert("El campo no puede estar vacío.");
                document.getElementById('psw').focus();
                return false;
            }
            return true;
        }
    </script>

    <center>
        <p>@ViewBag.Usu</p>
        <p>@ViewBag.Contra</p>
    </center>
</body>
</html>

Global.asax:

protected void Application_Start()
        {
            AreaRegistration.RegisterAllAreas();
            FilterConfig.RegisterGlobalFilters(GlobalFilters.Filters);
            RouteConfig.RegisterRoutes(RouteTable.Routes);
            BundleConfig.RegisterBundles(BundleTable.Bundles);
        }

        protected void Application_BeginRequest()
        {
            Response.Cache.SetCacheability(HttpCacheability.NoCache);
            Response.Cache.SetExpires(DateTime.UtcNow.AddHours(-1));
            Response.Cache.SetNoStore();
        }

score 0 · Answer 1 · answered Jul 31 '20 at 16:59

0

Add the below function in Global.asax.cs file.

    protected void Application_BeginRequest()
    {
        Response.Cache.SetCacheability(HttpCacheability.NoCache);
        Response.Cache.SetExpires(DateTime.UtcNow.AddHours(-1));
        Response.Cache.SetNoStore();
    }

answered Jul 31 '20 at 16:59

Prince Painadath Jose

54
4

1

Form/post cache is independent of page cache, unfortunately, in most browsers. – John Wu Jul 31 '20 at 18:50
Think you need to find a way to keep that form/post page out of browser history. One way to do it is to redirect immediately from the page that accepts the post. Another way is to refresh the page using script. Here's a [related answer](https://stackoverflow.com/a/46192640/2791540) – John Wu Jul 31 '20 at 22:21

ASP.NET MVC logout and back button

1 Answers1