IE Page caching

[Sink]

I am using forms authentication and session variables
to control access and disallow "data stripping".
Some query strings are used, but the Users access is
verified before allowing access.
Illegal access is diagnosed, the user is logged off,
session vars are cleared and he is redirected to a
login page with a warning for the security violation.
All works fine, but if he hits the back key in the browser,
he returns to his previous page, no page_load events
are notified.
At first I thought this was a problem with sessions
and the forms security, but realized this is simply IE
caching at work, hence no events.
Is there a way clear out the IE cache upon such a
violation, i.e., clear the cache when I want to ?
Thanks for reading this,
Sink

 

[Joe Audette]

You might try expiring the content immediately to prevent
IE from caching it.
Response.Expires = -1;

Joe

 

[Sink]

Hi Joe,
Thanks for the response. The only problem I would
have with having all responses expire immediately is
that then the back button would never work and
the expired message is really annoying.
Is there another way?
Sink

 

[MSFT]

Hi Sink,

you can't actually disable back button but you can prevent it going back,
by using javascripts history.forward function. When you logged off from
page A and wants to goto page C, take page B as middle page ...instead of
going to page C directly ..go via page B:

your page B will redirect to page C and will be having javascript
history.forward function.

here is the code

you need to put in pageB

<script language="javascript">
window.location="pageC.html"
window.history.forward(2);
</script>

Hope this help,

Luke
Microsoft Online Support

Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)

 

[MSFT]

And here is a tested solution for ASPX:

Webform1:

<%@ Page language="c#" Codebehind="WebForm1.aspx.cs"
AutoEventWireup="false" Inherits="WebApplication8.WebForm1" %>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" >
<HTML>
<HEAD>
<title>WebForm2</title>
<meta name="GENERATOR" Content="Microsoft Visual Studio .NET 7.1">
<meta name="CODE_LANGUAGE" Content="C#">
<meta name="vs_defaultClientScript" content="JavaScript">
<meta name="vs_targetSchema"
content="http://schemas.microsoft.com/intellisense/ie5">
<script language="javascript">

function b() {
window.open("webform2.aspx","_self",null,true);
}
</script>
</HEAD>
<body MS_POSITIONING="GridLayout">
<form id="Form1" method="post" runat="server">
<INPUT id="button2" onclick="b();" type="button" value="Button">
</form>
</body>
</HTML>


In webform2:

private void Page_Load(object sender, System.EventArgs e)
{
Response.Redirect ("WebForm3.aspx");
}


After you click the button on Webform1, the browser will open webform3 and
the Back button is disabled.

Hope this help,

Luke
Microsoft Online Support

Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)