In this article I am going to explain how to prevent the browser caching of web pages in asp.net. It is the one of the biggest issues every developer will face.
Why browser caching?
To speed up the user experience on the web, most browsers implement a technology called caching. Caching allows information such as WebPages, images, and so on, to be saved on a user’s computer. If the user calls for a previously requested webpage, the browser is able to access the information more quickly by recalling it from a cache, rather than making another request to the site itself.
One side it is a advantage but when you display sensitive information it will be a big drawback .Recently we have found one problem in our current project where a user will log in and after does some operations and then signs out. If user clicks on back button it will still display the information as if the user was still logged in. Hmmm..... We have tried different ways to handle the issue. But we have faced issues with Firefox .
So I have decided to write logic in master page load event. And I have added some login in logout page. Here is the code.
Place this code in master page in load event
HttpContext.Current.Response.Cache.SetAllowResponseInBrowserHistory(<span style="COLOR:blue;">false</span>);
HttpContext.Current.Response.Cache.SetCacheability(HttpCacheability.NoCache);
HttpContext.Current.Response.Cache.SetNoStore();
Response.Cache.SetExpires(DateTime.Now.AddSeconds(60));
Response.Cache.SetValidUntilExpires(<span style="COLOR:blue;">true</span>);
In Logout page Load add this code
Response.AddHeader(<span>"Pragma"</span>, <span>"no-cache"</span>);
Response.CacheControl = <span>"no-cache"</span>;
Response.Cache.SetAllowResponseInBrowserHistory(<span style="COLOR:blue;">false</span>);
Response.Cache.SetCacheability(HttpCacheability.NoCache);
Response.Cache.SetNoStore();
Response.Expires = -1;
Session.Abandon();
ClientScript.RegisterClientScriptBlock(<span style="COLOR:blue;">this</span>.GetType(),<span>"signout"</span>, <span>"DisableHistory()"</span>, <span style="COLOR:blue;">true</span> );
write this code in logout mark up page
function DisableHistory() {
window.history.forward(1);
}
function RedirectToHome() {
setTimeout(<span>"window.location = 'Index.aspx'"</span>,0);
}
</script>
call this RedirectToHome method in body onload of logout page
<body onload =<span>"RedirectToHome();"</span>>
Run the application.Have a fun …
The ASP.NET Wiki was started by Scott Hanselman in February of 2008. The idea is that folks spend a lot of time trolling the blogs, googlinglive-searching for answers to common "How To" questions. There's piles of fantastic community-created and MSFT-created content out there, but if it's not found by a search engine and the right combination of keywords, it's often lost.
The ASP.NET Wiki articles moved to CodeProject in October 2013 and will live on, loved, protected and updated by the community.