Showing posts with label Cache. Show all posts
Showing posts with label Cache. Show all posts

July 16, 2014

Browser Back Button Working After Logout

Here is a scenario in an application where the user logs out which takes them back to the login page but when the user hits the back button, he/she can view the previous page. During the log out event, Session is cleared and caching is disabled but the previous page is still shown. So, how can we work around this?

The browser history is an option to go back to previously visited pages (both forward & backward). The browser caches psges visited and the history buttons - backward and forward can be considered as a pointer that is linked to the page previously visited by the user.

So, to fix the issue, we need to make sure the pages don't get cached. Since the pages are behind authentication - it makes perfect sense not to cache the pages at all. We can implement the caching or not caching in the following ways in asp.net.

Option 1 - Code behind
  1. protected void Page_Load(object sender, EventArgs e)
  2. {
  3.     Response.Cache.SetCacheability(System.Web.HttpCacheability.NoCache);
  4.     Response.Cache.SetExpires(DateTime.UtcNow.AddHours(-1));
  5.     Response.Cache.SetNoStore();
  6. }

 

Option 2 - Works on any page
  1. <head runat="server">
  2.     <title></title>
  3.     <meta http-equiv="Cache-Control" content="no-cache" />
  4.     <meta http-equiv="Pragma" content="no-cache" />
  5.     <meta http-equiv="Expires" content="0" />
  6. </head>

 

In the above code, you can paste the code in the master page for the authenticated pages or alternatively, if there is no fixed master page for authenticated pages - then, it needs to be places on all all required pages.

March 15, 2014

Disable Browser Cache using IIS

In the previous post, I showed how to disable browser caching of a asp.net page and application using asp.net code. In this article, I will show how to disable caching using IIS. Again, note that, there should be a good enough reason to disable browser caching as it will impact performance for repeat visitors.

To disable caching, I will add the necessary caching directives in the response headers. To start with open IIS, select the site or the virtual directory and then click on “HTTP Response Headers” under IIS subheading.

 image

Then, from the Actions pane, click on Add. A prompt will open up. Type in the values and click OK.

image

Click Add again to enter the Pragma directive.

image

And Add another one for Expires.

image

The Response Headers section should appear like below now.

image

 

That’s it – caching will now be disabled for the application on the browser.

Disable Browser Cache in asp.net

So, I have an asp.net application and I want to disable browser caching. Well, to start with, we should have a good reason not to cache the application - caching is there for improving page loading speed. Okay, once there is a good enough reason to not to allow client side caching, we can do so by setting proper response headers in the page. These headers are

Cache-Control : no-cache
Cache-Control: s-maxage=0
Cache-Control : no-store
Cache-Control: must-revalidate
Expires : date time in the past

Now, we can either set these values either at the page level or at the application level. Doing it at the page level is easy - just run the code from the Page_Load event. Doing it at the application level is a bit difficult. If you are using the same master page for the whole site or have extended the Page class and created pages using the extended Page class then you can place the code in the appropriate Page_Load event. Note that, you can also set site / application wide response headers using IIS.

Here is the code to disable browser caching using asp.net.

  1. private void DisableCache()
  2. {
  3.     Response.Cache.SetCacheability(HttpCacheability.NoCache); //Cache-Control : no-cache, Pragma : no-cache
  4.     Response.Cache.SetExpires(DateTime.Now.AddDays(-1)); //Expires : date time
  5.     Response.Cache.SetNoStore(); //Cache-Control :  no-store
  6.     Response.Cache.SetProxyMaxAge(new TimeSpan(0, 0, 0)); //Cache-Control: s-maxage=0
  7.     Response.Cache.SetValidUntilExpires(false);
  8.     Response.Cache.SetRevalidation(HttpCacheRevalidation.AllCaches);//Cache-Control:  must-revalidate
  9. }

 

Here is the Response headers view in Firefox when the page is run.

image

Reference: Shahed Kazi at AspNetify.com