How to prevent user from going back to the login-page after successful login using back button

前端未结

关注

 2  2075

眼角桃花 2021-01-06 09:30

I am working on an MVC3 application and is stuck with a login security issue. The scenario is when a user logs-in with his/her username and password, if correct, he/she will

2条回答

谎友^ (楼主)

2021-01-06 10:20

you need to expire cache and headers, here is what i use:

  <% HttpContext.Current.Response.Cache.SetAllowResponseInBrowserHistory(false);
   HttpContext.Current.Response.Cache.SetCacheability(HttpCacheability.NoCache);
   HttpContext.Current.Response.Cache.SetExpires(DateTime.UtcNow.AddDays(-1));
   HttpContext.Current.Response.Cache.SetValidUntilExpires(false);
   HttpContext.Current.Response.Cache.SetRevalidation(HttpCacheRevalidation.AllCaches);
   HttpContext.Current.Response.Cache.SetNoStore();
   Response.Cache.SetExpires(DateTime.Now);
   System.Web.HttpContext.Current.Response.AddHeader("Pragma", "no-cache");
   Response.Cache.SetValidUntilExpires(true);
   Response.Buffer = true;
   Response.ExpiresAbsolute = DateTime.Now.Subtract(new TimeSpan(1, 0, 0, 0));
   Response.Expires = 0;
   Response.CacheControl = "no-cache";
   Response.Cache.SetExpires(DateTime.UtcNow.AddYears(-4)); 
   Response.ExpiresAbsolute = DateTime.Now.Subtract(new TimeSpan(1, 0, 0, 0));
   Response.AppendHeader("Pragma", "no-cache");
   Response.Cache.AppendCacheExtension("must-revalidate, proxy-revalidate, post-check=0, pre-check=0");
%>

Add this in page head and the next time user try to go back it will request new page load.

0 讨论(0)

查看其它2个回答