MVC 4 - 注销后的后退按钮问题

时间:2012-08-24 13:14:24

标签: asp.net-mvc asp.net-mvc-4 browser-cache back-button

我已阅读过很多帖子,其中有人遇到过类似问题,但没有找到合适的解决方案。我有一个MVC 4站点,我不想从整个网站中删除缓存,因为我想缓存页面。当用户单击注销按钮时,它会成功注销并重定向到登录页面,但是当用户单击后退按钮时,它会显示以前查看过的“受限页面”,如果您已登录,则应该只能看到该页面。我明白了这是因为浏览器缓存了页面客户端。我已经尝试了许多解决方案,如前所述,它们都不起作用。目前我的注销有以下代码:

    public ActionResult LogOff()
    {

        FormsAuthentication.SignOut();
        Session.Abandon();
        Session.Clear();

        // clear authentication cookie 
        HttpCookie cookie1 = new HttpCookie(FormsAuthentication.FormsCookieName, "");
        cookie1.Expires = DateTime.Now.AddYears(-1);
        Response.Cookies.Add(cookie1);

        // clear session cookie (not necessary for your current problem but i would recommend you do it anyway) 
        HttpCookie cookie2 = new HttpCookie("ASP.NET_SessionId", "");
        cookie2.Expires = DateTime.Now.AddYears(-1);
        Response.Cookies.Add(cookie2); 

        // Invalidate the Cache on the Client Side 
        Response.Cache.SetCacheability(HttpCacheability.NoCache);
        Response.Cache.SetExpires(DateTime.UtcNow.AddMinutes(-1));
        Response.Cache.SetNoStore();

        Response.AppendHeader("Pragma", "no-cache");

        // send an expired cookie back to the browser 
        var ticketExpiration = DateTime.Now.AddDays(-7);
        var ticket = new FormsAuthenticationTicket(
            1,
            // replace with username if this is the wrong cookie name 
            FormsAuthentication.FormsCookieName,
            DateTime.Now,
            ticketExpiration,
            false,
            String.Empty);
        var cookie = new System.Web.HttpCookie("user")
        {
            Expires = ticketExpiration,
            Value = FormsAuthentication.Encrypt(ticket),
            HttpOnly = true
        };

        Response.Cookies.Add(cookie); 

        return RedirectToAction("Login", "Account");
    }

4 个答案:

答案 0 :(得分:4)

如果您想在所有页面上应用“浏览器上没有缓存”行为,那么您应该将以下内容放在global.asax中。

protected void Application_BeginRequest()
{
    Response.Cache.SetCacheability(HttpCacheability.NoCache);
    Response.Cache.SetExpires(DateTime.UtcNow.AddHours(-1));
    Response.Cache.SetNoStore();
}
希望它可以帮到某人!

答案 1 :(得分:0)

您可以在浏览器窗口中使用哈希更改事件,在回发时触发ajax请求,这显然会在您注销时失败。从那里你可以触发浏览器做任何你喜欢的事情。

答案 2 :(得分:0)

将以下代码行添加到 Global.asax.cs 文件。

protected void Application_BeginRequest()
{
    Response.Cache.SetCacheability(HttpCacheability.NoCache);
    Response.Cache.SetExpires(DateTime.UtcNow.AddHours(-1));
    Response.Cache.SetNoStore();
}

答案 3 :(得分:0)

    Response.ClearHeaders();
    Response.AddHeader("Cache-Control", "no-cache, no-store, max-age=0, 
    must-revalidate");
    Response.AddHeader("Pragma", "no-cache");

    Response.Cache.SetCacheability(HttpCacheability.NoCache);
    Response.Buffer = true;
    Response.ExpiresAbsolute = DateTime.Now.AddDays(-1);
    Response.Expires = 0;
相关问题
最新问题