My application is in ASP.NET MVC3. I have two users (Admin and general). I'm maintaining the cookies of the logged-in users.

Below is my Cookie code.

    public static void setCookie(string Password, string UserName)
    {
        HttpCookie MyCookie = new HttpCookie("MyCookies");
        MyCookie["Password"] = Password;
        MyCookie["UserName"] = UserName;
        // Expire the cookie 30 minutes from now
        MyCookie.Expires = DateTime.Now.Add(new TimeSpan(0, 30, 0));
        HttpContext.Current.Response.Cookies.Add(MyCookie);
    }

Below is code of how my cookie Expires when user Logs Out

    public static bool logout()
    {
        HttpCookie MyCookie = new HttpCookie("MyCookies");

        // An expiry date in the past tells the browser to delete the cookie
        MyCookie.Expires = DateTime.UtcNow.AddDays(-1);
        HttpContext.Current.Response.Cookies.Add(MyCookie);
        return true;
    }

I have tried to check the cookie on every Index() of the controller. If the cookie exists it should navigate to the desired page, else it should go to Home.

    if (!Cookie.CheckCookie())
    {
        // use the current url for the redirect
        filterContext.HttpContext.Response.Redirect("~/Home/Index", true);
    }

When the user clicks Log Out they are redirected to Home, but after clicking the Back button, the last visited page can be viewed. What can I do so that when the user clicks on LogOut and then clicks the Back button they still get redirected to Home and not to the last visited page? Please suggest.

Sam M

1 Answer

One way to prevent this is to exclude all authenticated pages from being cached on the client side by setting the appropriate response headers. You may take a look at the following post for an example of an action filter that you could apply to the authenticated part of your site.

Darin Dimitrov
  • @SamMKhan, so you are saying that even if the Index action is decorated with the NoCache attribute you are still able to navigate back to it using the `Back` button? This wasn't the case when I tested it. – Darin Dimitrov Dec 15 '11 at 07:48
  • have a look at my NoCache Code `public class NoCache : ActionFilterAttribute { public override void OnResultExecuting(ResultExecutingContext filterContext) { var response = filterContext.HttpContext.Response; response.Cache.SetExpires(DateTime.UtcNow.AddDays(-1)); response.Cache.SetValidUntilExpires(false); response.Cache.SetRevalidation(HttpCacheRevalidation.AllCaches); response.Cache.SetCacheability(HttpCacheability.NoCache); response.Cache.SetNoStore(); } }` – Sam M Dec 15 '11 at 07:52
  • Here is my Home Controller `[NoCache] public ActionResult Index() { return View(); }` Am I going wrong anywhere or do I need to make any further changes? – Sam M Dec 15 '11 at 07:54
  • @SamMKhan, yes, that's the correct code that works for me. But is it the Index action that represents an authenticated resource in your application? You should decorate with the NoCache attribute only the actions/controllers that are part of your authenticated region of the site. So that once the user logs out, he cannot use the Back button to go back to one of those actions and that they are not served from the cache. – Darin Dimitrov Dec 15 '11 at 07:55
  • Super Perfect Solution @Darin – Sam M Dec 15 '11 at 08:27
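
An added example, not code from the question or the answer: a single filter that performs the cookie check and sets the no-cache headers, applied only to an authenticated controller as the comments above recommend. The names `AuthenticatedNoCacheAttribute` and `AccountAreaController` are hypothetical, and the cookie presence test stands in for the asker's `Cookie.CheckCookie()`, whose body is not shown on the page.

```csharp
using System;
using System.Web;
using System.Web.Mvc;

// Hypothetical filter name; combines the cookie check from the question
// with the headers set by the NoCache filter posted in the comments.
public class AuthenticatedNoCacheAttribute : ActionFilterAttribute
{
    public override void OnActionExecuting(ActionExecutingContext filterContext)
    {
        // Presence check only (assumption): stands in for Cookie.CheckCookie().
        // After logout the browser has deleted "MyCookies", so this is null.
        HttpCookie cookie = filterContext.HttpContext.Request.Cookies["MyCookies"];
        if (cookie == null)
        {
            // Setting Result short-circuits the action, so no protected
            // view is rendered for a logged-out user.
            filterContext.Result = new RedirectResult("~/Home/Index");
        }
    }

    public override void OnResultExecuting(ResultExecutingContext filterContext)
    {
        // Forbid the browser and proxies from keeping a copy, so the Back
        // button issues a new request that passes through the check above.
        HttpCachePolicyBase cache = filterContext.HttpContext.Response.Cache;
        cache.SetCacheability(HttpCacheability.NoCache);
        cache.SetNoStore();
        cache.SetExpires(DateTime.UtcNow.AddDays(-1));
        cache.SetValidUntilExpires(false);
        cache.SetRevalidation(HttpCacheRevalidation.AllCaches);
    }
}

// Hypothetical controller for the logged-in area. The public Home
// controller is left undecorated so it stays reachable and cacheable.
[AuthenticatedNoCache]
public class AccountAreaController : Controller
{
    public ActionResult Index()
    {
        return View();
    }
}
```

With this in place, the browser's developer tools should show `Cache-Control: no-cache, no-store` on responses from the decorated controller and no such header on the Home page.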