3

我读过很多帖子,人们遇到过类似的问题,但还没有找到可行的解决方案。我有一个 MVC 4 站点,我不想从整个网站中删除缓存,因为我想缓存页面。当用户单击注销按钮时,它会成功注销并重定向到登录页面,但是当用户单击后退按钮时,它会显示以前查看过的“受限页面”,您应该只能在登录后才能看到。我知道这是因为浏览器已经缓存了页面客户端。我尝试了许多解决方案,如前所述,它们都不起作用。目前我的注销有以下代码:

    public ActionResult LogOff()
    {

        FormsAuthentication.SignOut();
        Session.Abandon();
        Session.Clear();

        // clear authentication cookie 
        HttpCookie cookie1 = new HttpCookie(FormsAuthentication.FormsCookieName, "");
        cookie1.Expires = DateTime.Now.AddYears(-1);
        Response.Cookies.Add(cookie1);

        // clear session cookie (not necessary for your current problem but i would recommend you do it anyway) 
        HttpCookie cookie2 = new HttpCookie("ASP.NET_SessionId", "");
        cookie2.Expires = DateTime.Now.AddYears(-1);
        Response.Cookies.Add(cookie2); 

        // Invalidate the Cache on the Client Side 
        Response.Cache.SetCacheability(HttpCacheability.NoCache);
        Response.Cache.SetExpires(DateTime.UtcNow.AddMinutes(-1));
        Response.Cache.SetNoStore();

        Response.AppendHeader("Pragma", "no-cache");

        // send an expired cookie back to the browser 
        var ticketExpiration = DateTime.Now.AddDays(-7);
        var ticket = new FormsAuthenticationTicket(
            1,
            // replace with username if this is the wrong cookie name 
            FormsAuthentication.FormsCookieName,
            DateTime.Now,
            ticketExpiration,
            false,
            String.Empty);
        var cookie = new System.Web.HttpCookie("user")
        {
            Expires = ticketExpiration,
            Value = FormsAuthentication.Encrypt(ticket),
            HttpOnly = true
        };

        Response.Cookies.Add(cookie); 

        return RedirectToAction("Login", "Account");
    }
4

4 回答 4

4

如果您想在所有页面上应用“浏览器背面无缓存”行为,那么您应该将以下内容放在 global.asax 中。

protected void Application_BeginRequest()
{
    Response.Cache.SetCacheability(HttpCacheability.NoCache);
    Response.Cache.SetExpires(DateTime.UtcNow.AddHours(-1));
    Response.Cache.SetNoStore();
}

希望它可以帮助某人!

于 2013-08-26T09:06:46.023 回答
0

您可以使用浏览器窗口上的哈希更改事件,在回发时触发 ajax 请求,这显然会在您注销时失败。从那里你可以触发浏览器做任何你喜欢的事情。

于 2012-08-24T14:41:32.083 回答
0

将以下代码行添加到Global.asax.cs文件中。

protected void Application_BeginRequest()
{
    Response.Cache.SetCacheability(HttpCacheability.NoCache);
    Response.Cache.SetExpires(DateTime.UtcNow.AddHours(-1));
    Response.Cache.SetNoStore();
}
于 2017-09-03T05:16:53.753 回答
0 
    Response.ClearHeaders();
    Response.AddHeader("Cache-Control", "no-cache, no-store, max-age=0, 
    must-revalidate");
    Response.AddHeader("Pragma", "no-cache");

    Response.Cache.SetCacheability(HttpCacheability.NoCache);
    Response.Buffer = true;
    Response.ExpiresAbsolute = DateTime.Now.AddDays(-1);
    Response.Expires = 0;
于 2018-04-17T10:04:58.907 回答