Today I was fighting with the well-known problem with Back button in Internet browsers for a session agnostic Web applications. Simply put, you have a Web app and at some point of time you want to sign out. Then you normally destroy the user's server side session, but the problem is that the user still can hit his Back button on the Internet browser and see a the cached content from the pages he/she has visited.
Well, this problem has been resolved long time ago - I remember it since the early ASP days. So normally what is done is to set the content expiration to immediate to *all* pages within your Web application. Of course, sometimes, this may be not desirable, but still in my cases it was essential not to give the user the possibility to go back. So the solution is to set 3 HTTP headers to all HTTP responses - Pragma, CacheControl and Expires.
Today, I had the same problem while implementing the logout functionality of our ASP.NET 2.0 based Web application (just to mention we are using very cool stuff like Microsoft Atlas, SQL 2005, Virtual Earth API - fascinating, isn't it?). Again, the old solution seems to be working (setting the aforementioned HTTP headers), but I somehow decided to try out the LogingStatus control. This control changes its state based on the current user status - if he is logged in it is a link which will allow him to Logout and if he is not authenticated - it will be "Login" link. And here are the good news - if you use this control, there is no need to set these headers to your whole application - it is done automatically to you when you use this control. Pretty sweet! :)
i am new to this, can you show how to do this?
ReplyDelete