I have a feature in an ASP app where a user can "log in as" someone else (teachers logging in as students to check interfaces, etc). The problem is when they hit the back button and try to access things as instructors again.
What's the best wa开发者_开发问答y to prevent this? Is there a way of preventing them from going back into those pages? I do checks on individual pages for authorization, but I wonder if there isn't something more elegant.
You have to expire the cache, the following needs to be put on every page that requires authentication:
Response.AddHeader "Pragma", "no-store"
Response.CacheControl = "no-store"
Response.Expires = -1
精彩评论