0

I'm working on e-commerce website using VB.NET. User login to buy some of products and they can see order details. Once they logged in, session for user Id is created and logged out, all sesssion is abandoned.

I logged in the site, copy one of the link(e.g. order details) and logged out. When I run the link, the page is stil displayed eventhoug session is abandoned.

If I refresh the page, the page back to login page.

This haapends some of browser. I have tested IE, even same version of IE 8, some of them cashed the page, the o.

How can I disable cached page?

Improve this question
1

3 Answers 3

Reset to default
2

In addition to ending the session upon logout are you also telling the .NET Authentication to end? When using forms authentication, for example, you need to FormsAuthentication.SignOut();

Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

Meaning, I don't think caching is your problem. I think the issue is that the user's session has ended but their authentication token still exists so they are allowed in to the page. Once the page tries to refresh and use a session object then it finds no session so it redirects to the login page.
0

It sounds like the page might be cached by the browser. Refreshing the page tells the browser that you don't want to see the cached version in a way that just revisiting an old page does not.

I'm hesitant to suggest a complete solution here, as it sounds like this may be a security issue for you. There are some things you can to tell the brower you would prefer it not cache the page, but browsers can be easily made to ignore this kind of instruction.

Improve this answer

1 Comment

Thanks, even I updated code that disabled cashe, it still does not work. I think browser just ignore this. It is same version of IE 8 and react differently.
0

Try something like this:

Response.Cache.SetCacheability(HttpCacheability.NoCache); 
Response.Cache.SetNoStore();

I think you can do it this way too:

<meta http-equiv="Expires" CONTENT="0"> 
<meta http-equiv="Cache-Control" CONTENT="no-cache"> 
<meta http-equiv="Pragma" CONTENT="no-cache">

EDIT

After reading more into your question, I think you need to add some logic either in a base page or master page to validate that the user is authenticated, and redirect the user to the login page they're not.

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.