Monday 23 June 2008

Security - Stop Secure Page Displaying After Logout - Browser Back Button Drama

The title of this post should be fairly self-explanatory, but here goes anyway. Let's say you've given up tearing your hair out trying to use Microsoft's new Membership/Role Provider control set to implement forms authentication and have gone ahead and created your own custom user authentication system.

In your secure area you have a logout button. The user clicks logout and gets redirected somewhere. Great so far; however, when they click the back button in their browser, the "secure" page they were looking at before they logged out can still be viewed. Aaaaaaaargh!

Well, here's the solution: place the following code in your secure pages' Page_Load event and the problem should go away:

Protected Sub Page_Load(ByVal sender As Object, ByVal e As EventArgs) Handles Me.Load
    ' Tell the browser (and any proxy in between) not to serve this page from cache
    Response.Buffer = True
    Response.ExpiresAbsolute = DateTime.Now.AddDays(-1)
    Response.Expires = -1500
    Response.CacheControl = "no-cache"

    ' In this case I simply check whether my custom login logic is returning
    ' True or False; you would need to write your own code here.
    If CustomLogin = False Then
        Response.Redirect("login.aspx")
    End If
End Sub

PS. This doesn't seem to work in Firefox, aaaaaaaargh.

However, this fixes it (SetNoStore() adds no-store to the Cache-Control header, which tells the browser not to keep a copy of the page at all, so there is nothing for the back button to bring back):

HttpContext.Current.Response.Cache.SetNoStore()

Hallelujah!
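To check that a secure page really sends the headers described above, here is a small header checker. It is an added example, not code from this post or from ASP.NET; it encodes the rule the post arrives at (Cache-Control: no-cache on its own is not enough, no-store must be present, and any Expires date must already be in the past) and runs it over two constructed header sets that mirror the first attempt and the fix. The header values, the Expires date and the Pragma check are assumptions for illustration; you would feed it the headers captured from your own page.

```python
"""Check whether a secure page's response headers stop the browser from
showing it again after logout (back button / history).  Added example, not
code from the post; the header samples below are constructed."""
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime


def cache_control_directives(value):
    """Parse a Cache-Control header value into {directive: argument-or-None}.

    Directive names are case-insensitive, so they are lower-cased; arguments
    such as max-age=0 are kept as strings.
    """
    directives = {}
    for part in value.split(","):
        part = part.strip()
        if not part:
            continue
        name, sep, arg = part.partition("=")
        directives[name.strip().lower()] = arg.strip() if sep else None
    return directives


def check_no_history_headers(headers, now=None):
    """Return a list of findings (an empty list means the headers are adequate).

    `headers` maps response header names to values; names are matched
    case-insensitively.
    """
    now = now or datetime.now(timezone.utc)
    lowered = {k.lower(): v for k, v in headers.items()}
    findings = []

    cc = cache_control_directives(lowered.get("cache-control", ""))
    if "no-store" not in cc:
        findings.append("Cache-Control lacks no-store: the browser may keep a "
                        "copy and show it from history after logout")
    if "no-cache" not in cc:
        findings.append("Cache-Control lacks no-cache: a cached copy may be "
                        "reused without revalidation")

    # Expires of "0" or "-1" is already 'in the past'; anything else must parse
    # as an HTTP date that has gone by.
    expires = lowered.get("expires")
    if expires is not None and expires.strip() not in ("0", "-1"):
        try:
            when = parsedate_to_datetime(expires)
        except (TypeError, ValueError):
            findings.append("Expires is not a valid HTTP date")
        else:
            if when.tzinfo is None:
                when = when.replace(tzinfo=timezone.utc)
            if when > now:
                findings.append("Expires is in the future; the page may stay "
                                "cached until then")

    # Pragma: no-cache only matters to HTTP/1.0 caches, but costs nothing.
    if lowered.get("pragma", "").strip().lower() != "no-cache":
        findings.append("Pragma: no-cache missing (HTTP/1.0 caches)")
    return findings


# Constructed header sets: the post's first attempt (no-cache plus an Expires in
# the past) and the fix (no-store added).  Dates/values are assumed.
FIRST_ATTEMPT = {
    "Cache-Control": "no-cache",
    "Expires": "Sun, 22 Jun 2008 12:00:00 GMT",
    "Pragma": "no-cache",
}
WITH_NO_STORE = {
    "Cache-Control": "no-cache, no-store",
    "Expires": "-1",
    "Pragma": "no-cache",
}

if __name__ == "__main__":
    for label, hdrs in (("first attempt", FIRST_ATTEMPT),
                        ("with no-store", WITH_NO_STORE)):
        print(label, "->", check_no_history_headers(hdrs) or "OK")
```

Running it reports the missing no-store on the first header set and nothing on the second; the same function can be pointed at the headers of any page in the secure area to confirm the fix is actually being emitted.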
