当用户仍然登录时，浏览器后退按钮导航到登录页面

Question

I have a website that is mostly built in .NET MVC. I say mostly because the login page is done using web forms. The login page uses forms authentication. The issue is that when I use the browser back button, it navigates back to the login page when the user is still authenticated. How can I stop this from happening?

I tried to set the cache to null on load of the login page, but no luck:

Response.Cache.SetExpires(DateTime.UtcNow.AddMinutes(-1));
Response.Cache.SetCacheability(HttpCacheability.NoCache);
Response.Cache.SetNoStore();

Let me know if there is any code that may be helpful. I've never dealt with this issue before and I'm not sure what would help.

Answer 1

You could add a function that checks if they are logged in and if they are redirect them to the 'members' only page. I cannot post any code because I am on a mobile device.

Answer 2

If you want to apply the "no cache on browser back" behavior on all pages then you should put it in global.asax.

protected void Application_BeginRequest()
{
Response.Cache.SetCacheability(HttpCacheability.NoCache);
Response.Cache.SetExpires(DateTime.UtcNow.AddHours(-1));
Response.Cache.SetNoStore();
}

Answer 3

The simplest way - disabling output cache (via attribute OutputCache) for action method which is responsible to show login page and also add condition which checks that user is already logged in:

public partial class AccountController : Controller
{
        [HttpGet]
        [OutputCache(NoStore = true, Duration = 0)]
        public virtual ActionResult Index()
        {
            if (User.Identity.IsAuthenticated)
                return RedirectToAction("Index", "Home");

            LoginModel model = new LoginModel();
            return View(model);
        }
}