2

I am working on an asp.NET 4.0 Web Application with C#. I am currently authentication with the use of sessions, and on logout I am clearing the session. However there is a problem when the user presses back, he is still able to see the cached page. I would like to disable caching, of such pages, or make sure that it is checked for.

What is the best way of doing this? If I set the server to not store cached information, will this effect all the applications or will it just be my application?

Ryan S
  • 3,210
  • 17
  • 48
  • 79

2 Answers2

7

Add this in page_load

Response.Cache.SetCacheability(HttpCacheability.NoCache);

This is the only true answer although it's important to know that it's only a request to the browser to stop caching - it doesn't necessarily have to follow.

This needs to be included on every page you don't want the user to 'back button' onto.

m.edmondson
  • 30,382
  • 27
  • 123
  • 206
Muhammad Akhtar
  • 51,913
  • 37
  • 138
  • 191
  • @m.edmondson; Thanks for editing and adding proper description. – Muhammad Akhtar Aug 25 '11 at 12:45
  • 1
    It won't stop the user pressing back and viewing the page they just viewed either. It's just the way browsers work. – Simon Halsey Aug 25 '11 at 13:31
  • Is this how you get the "this page has expired" behavior in some browsers when using the back button? – pseudocoder Aug 25 '11 at 13:55
  • Authentication cookie or session cookie are not completely cleared after calling FormsAuthentication.SignOut(); Session.Abandon(); See this accepted answer on how to programatically expire these cookies: http://stackoverflow.com/a/1306932/463478 – Only You Apr 29 '14 at 19:26
0

You can add following lines in Page_Init of Master page

protected void Page_Init(object sender, EventArgs e)
    {
        Response.Cache.SetExpires(DateTime.UtcNow.AddMinutes(-1));
        Response.Cache.SetCacheability(HttpCacheability.NoCache);
        Response.Cache.SetNoStore();
    }
RSB
  • 359
  • 5
  • 10