
Prevent user from going back to the previous secured page after logout

I am facing an issue in MVC: I am able to visit the previous page by clicking the browser back button even after logging out. I have a few approaches:

1) Disable the browser back button using window.history.forward(). This will give a bad user experience.

2) Using OutputCacheAttribute with duration=0, but this will restrict both server-side and client-side caching, so I don't want to use this.

3) Adding the method below in Global.asax.cs

protected void Application_BeginRequest()
{
    Response.Cache.SetCacheability(HttpCacheability.NoCache);
    Response.Cache.SetExpires(DateTime.UtcNow.AddHours(-1));
    Response.Cache.SetNoStore();
}

The third approach will not allow a copy of the page to be cached in the browser. Also, to make this work I have to add the [Authorize] attribute on each controller. This is not the best option for me as I have hundreds of controllers, and tomorrow, if I add a new controller, I will again have to decorate that new controller with the Authorize attribute.

Is there any other approach that any one of you can suggest?

You can only add this attribute:

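 // Tell browser and server not to store or cache this action's output
 [OutputCache(NoStore = true, Duration = 0, Location = OutputCacheLocation.None)]
 public ActionResult SomeAction()
 {
    // action logic goes here
    return View();
 }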

Disabling the cache in a specific action should be enough, I guess.

Or if you still do not want to destroy the cache in just a couple of places, you can do that in your LOGIN function; you can add the previous attribute, or just use this when someone signs out:

       Session.Clear();
       Session.Abandon();

I hope it helps, since I haven't had much time to test it myself.
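
An added example, not part of the question or the answer above: one way to avoid decorating hundreds of controllers is to register [Authorize] and a no-store filter once as global filters, and to send the no-store headers only for signed-in users so anonymous pages stay cacheable. It assumes ASP.NET MVC 4 or later (for [AllowAnonymous]) and Forms authentication; NoStoreForAuthenticatedAttribute and AccountController are hypothetical names.

```csharp
using System;
using System.Web;
using System.Web.Mvc;
using System.Web.Security;

// Hypothetical filter: marks responses served to signed-in users as
// non-cacheable, so the back button must re-request them after logout.
public class NoStoreForAuthenticatedAttribute : ActionFilterAttribute
{
    public override void OnResultExecuting(ResultExecutingContext filterContext)
    {
        var http = filterContext.HttpContext;
        bool signedIn = http.User != null && http.User.Identity.IsAuthenticated;
        if (!filterContext.IsChildAction && signedIn)
        {
            var cache = http.Response.Cache;
            cache.SetCacheability(HttpCacheability.NoCache);
            cache.SetNoStore();
            cache.SetExpires(DateTime.UtcNow.AddHours(-1));
            cache.SetRevalidation(HttpCacheRevalidation.AllCaches);
        }
        base.OnResultExecuting(filterContext);
    }
}

public static class FilterConfig
{
    // Call once from Application_Start:
    //   FilterConfig.RegisterGlobalFilters(GlobalFilters.Filters);
    public static void RegisterGlobalFilters(GlobalFilterCollection filters)
    {
        filters.Add(new AuthorizeAttribute());               // every action requires login
        filters.Add(new NoStoreForAuthenticatedAttribute()); // no browser copy of secured pages
    }
}

public class AccountController : Controller
{
    [AllowAnonymous] // opt out of the global [Authorize] for the login page
    public ActionResult Login() { return View(); }

    [HttpPost, ValidateAntiForgeryToken]
    public ActionResult Logout()
    {
        FormsAuthentication.SignOut(); // assumption: Forms authentication is in use
        Session.Clear();
        Session.Abandon();
        return RedirectToAction("Login");
    }
}
```

With the global [Authorize] in place, a page re-requested after logout is redirected to the login page, and new controllers are covered without any attribute.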

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address. Any question please contact: yoyou2525@163.com.

 