I have some website which requires a logon and shows sensitive information.
The person goes to the page, is prompted to log in, then gets to see the information.
Well, in a major Brazilian bank corporation (Banco do Brasil), which is known for having one of the world's most secure and efficient home banking software, they simply put history.go(1) in every page. So, if you hit the back button, you will be returned. Simple.
I don't know how to do it in ASP.NET but in PHP I would do something like:
<?php
// Expires date in the past: the response is already stale when it arrives
header("Expires: Mon, 26 Jul 1997 05:00:00 GMT");
// HTTP/1.1: any cached copy must be revalidated with the server before reuse
header("Cache-Control: no-cache");
// HTTP/1.0 equivalent for older proxies and browsers
header("Pragma: no-cache");
Which forces the browser to recheck the item, so your authentication check should be triggered, denying the user access.
The correct answer involves setting the HTTP Cache-Control header on the response. If you want to ensure that they never cache the output, you can use Cache-Control: no-cache. This is often used in coordination with no-store as well.
Other options, if you want limited caching, include setting an expires time and must-revalidate, but these could potentially all cause a cached page to be displayed again.
See http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.9.4
Cache and history are independent and one shouldn't affect each other.
The only exception made for banks is that the combination of HTTPS and Cache-Control: must-revalidate forces a refresh when navigating in history.
In plain HTTP there's no way to do this except by exploiting browser bugs.
You could hack around it using JavaScript that checks document.cookie and redirects when a "killer" cookie is set, but I imagine this could go seriously wrong when the browser doesn't set/clear cookies exactly as expected.
DannySmurf, <meta> elements are extremely unreliable when it comes to controlling caching, and Pragma in particular even more so. Reference.
For completeness:
// Emits Cache-Control: no-cache (plus Pragma: no-cache): cached copies must be revalidated
Response.Cache.SetCacheability(HttpCacheability.NoCache);
// Adds no-store: nothing from this response may be written to a cache at all
Response.Cache.SetNoStore();
// Expires header in the past as a fallback for HTTP/1.0 caches
Response.Cache.SetExpires(DateTime.Now.AddMinutes(-1));
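An added example, not posted by any of the answerers, that audits the response headers the PHP and ASP.NET snippets above produce: it parses Cache-Control and reports which directives an authenticated, sensitive page is still missing (the two header sets are constructed from those snippets; `audit_sensitive_response` is a hypothetical helper name).

```python
"""Check the caching headers of a response that carries sensitive data."""
from typing import Dict, List


def parse_cache_control(value: str) -> Dict[str, str]:
    """Split 'no-cache, max-age=0' into {'no-cache': '', 'max-age': '0'}."""
    directives: Dict[str, str] = {}
    for part in value.split(","):
        part = part.strip()
        if not part:
            continue
        name, _, arg = part.partition("=")
        directives[name.strip().lower()] = arg.strip().strip('"')
    return directives


def audit_sensitive_response(headers: Dict[str, str]) -> List[str]:
    """Return findings for a sensitive page; an empty list means no gap found."""
    lower = {k.lower(): v for k, v in headers.items()}
    cc = parse_cache_control(lower.get("cache-control", ""))
    findings: List[str] = []
    if "no-store" not in cc:
        findings.append("missing no-store: response may be written to a cache")
    if "no-cache" not in cc and cc.get("max-age") != "0":
        findings.append("missing no-cache: a cached copy may be reused without revalidation")
    if "public" in cc:
        findings.append("public: shared caches may keep an authenticated response")
    if not cc and ("pragma" in lower or "expires" in lower):
        findings.append("only Pragma/Expires set: HTTP/1.0 fallbacks, not reliable on their own")
    return findings


# Constructed header sets, mirroring the PHP and ASP.NET answers above.
PHP_ANSWER_HEADERS = {
    "Expires": "Mon, 26 Jul 1997 05:00:00 GMT",
    "Cache-Control": "no-cache",
    "Pragma": "no-cache",
}
ASPNET_ANSWER_HEADERS = {
    "Cache-Control": "no-cache, no-store",
    "Pragma": "no-cache",
    "Expires": "Mon, 26 Jul 1997 05:00:00 GMT",
}

if __name__ == "__main__":
    for name, hdrs in (("php", PHP_ANSWER_HEADERS), ("aspnet", ASPNET_ANSWER_HEADERS)):
        print(name, audit_sensitive_response(hdrs) or ["ok"])
```

The PHP set is flagged for lacking no-store, which is exactly the directive the ASP.NET snippet adds with SetNoStore().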