I'm working on e-commerce website using VB.NET. User login to buy some of products and they can see order details. Once they logged in, session for user Id is created and logged out, all sesssion is abandoned.
I logged in the site, copy one of the link(e.g. order details) and logged out. When I run the link, the page is stil displayed eventhoug session is abandoned.
If I refresh the page, the page back to login page.
This haapends some of browse开发者_JS百科r. I have tested IE, even same version of IE 8, some of them cashed the page, the o.
How can I disable cached page?
In addition to ending the session upon logout are you also telling the .NET Authentication to end? When using forms authentication, for example, you need to FormsAuthentication.SignOut();
It sounds like the page might be cached by the browser. Refreshing the page tells the browser that you don't want to see the cached version in a way that just revisiting an old page does not.
I'm hesitant to suggest a complete solution here, as it sounds like this may be a security issue for you. There are some things you can to tell the brower you would prefer it not cache the page, but browsers can be easily made to ignore this kind of instruction.
Try something like this:
Response.Cache.SetCacheability(HttpCacheability.NoCache);
Response.Cache.SetNoStore();
I think you can do it this way too:
<meta http-equiv="Expires" CONTENT="0">
<meta http-equiv="Cache-Control" CONTENT="no-cache">
<meta http-equiv="Pragma" CONTENT="no-cache">
EDIT
After reading more into your question, I think you need to add some logic either in a base page or master page to validate that the user is authenticated, and redirect the user to the login page they're not.
![Interactive visualization of a graph in python [closed]](https://www.devze.com/res/2023/04-10/09/92d32fe8c0d22fb96bd6f6e8b7d1f457.gif)
加载中,请稍侯......
精彩评论