In my ASP.NET site, when a user clicks logout, I call FormsAuthentication.SignOut and Session.Abandon and redirect them to the login page. This works fine.
However, when I click "back" in the browser I can still see the last page viewed before logout was clicked. When I click on anything I am returned to the logon page as expected.
Is there any way to expire the page that logout was clicked on so that users never see it when they click back?
Prevent credential and content caching:
First, ensure the forms cookie is not being created sticky:
    FormsAuthentication.SetAuthCookie(userName, false);
Next, a little something in the Global.asax to prevent page requests from caching:
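    public override void Init()
    {
        base.Init();
        // Run the cache-header logic at the start of every request.
        BeginRequest += new EventHandler(OnBeginRequest);
    }

    void OnBeginRequest(object sender, EventArgs e)
    {
        // Leave WebResource.axd / ScriptResource.axd responses cacheable.
        if (!(Request.Path.EndsWith("Resource.axd")))
        {
            // Mark the response as already expired and forbid caching and storage.
            Response.Cache.SetExpires(DateTime.UtcNow.AddSeconds(-1));
            Response.Cache.SetCacheability(HttpCacheability.NoCache);
            Response.Cache.SetNoStore();
        }
    }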
The combination of the above two approaches has fixed a similar issue in a few apps I've worked on. We intentionally allowed .axd file caching to keep performance impact as minimal as possible - we have heavy use of third party controls that generate axd requests in the background.
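An added check, not part of the answer above: a small Python audit that takes a response's path and headers and reports whether it carries the three things the `OnBeginRequest` handler sets (no-store, no-cache, an expired `Expires`), while leaving `Resource.axd` requests cacheable. The function names, sample paths and sample headers are constructed for illustration.

```python
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime

EXEMPT_SUFFIX = "Resource.axd"  # same exemption as the answer's OnBeginRequest

def cache_directives(value):
    """Lower-cased directive names from a Cache-Control header value."""
    names = (part.strip().split("=", 1)[0].strip().lower() for part in (value or "").split(","))
    return {n for n in names if n}

def expires_in_past(value, now):
    """True if Expires is already stale. Unparseable values such as "-1"
    or "0" are treated as expired, as HTTP caches are required to do."""
    if value is None:
        return False
    try:
        when = parsedate_to_datetime(value)
    except (TypeError, ValueError):
        return True
    if when.tzinfo is None:
        when = when.replace(tzinfo=timezone.utc)
    return when <= now

def audit(path, headers, now=None):
    """Findings for one response; an empty list means it matches the policy."""
    now = now or datetime.now(timezone.utc)
    h = {k.lower(): v for k, v in headers.items()}
    cc = cache_directives(h.get("cache-control"))
    if path.endswith(EXEMPT_SUFFIX):
        # Exempt handlers are meant to stay cacheable for performance.
        return ["exempt resource sent no-store"] if "no-store" in cc else []
    findings = []
    if "no-store" not in cc:
        findings.append("missing no-store")
    if "no-cache" not in cc:
        findings.append("missing no-cache")
    if not expires_in_past(h.get("expires"), now):
        findings.append("Expires absent or in the future")
    return findings

# Constructed sample responses (not captured from a real site).
SAMPLES = [
    ("/Account/Orders.aspx", {"Cache-Control": "no-cache, no-store", "Expires": "-1"}),
    ("/Account/Profile.aspx", {"Cache-Control": "private", "Expires": "Fri, 01 Jan 2100 00:00:00 GMT"}),
    ("/WebResource.axd", {"Cache-Control": "public, max-age=31536000"}),
]

if __name__ == "__main__":
    for path, headers in SAMPLES:
        print(path, audit(path, headers) or "ok")
```

Feed it the headers your site returns for authenticated pages after deploying the handler; any page that still lists findings can be served from the browser's cache after logout.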