Edward BreyEdward Brey 41.9k2121 gold badges212212 silver badges268268 bronze badges one Unfortunately this does not look to work, as hitting the back button after a sign out displays the page.
These directives does not mitigate any safety danger. They are really intended to force UA's to refresh risky information, not preserve UA's from becoming retaining information.
Important to know is that when an HTML page is served above an HTTP connection, plus a header is present in the two the HTTP response headers and also the HTML tags, then the 1 laid out in the HTTP response header will get priority in excess of the HTML meta tag.
7 @Accountant: in his scenario, the person had logged out. Who will assurance that the following human person on that Consumer-Agent will likely be the one that just logged out?
window.onbeforeunload = function () // This purpose does practically nothing. It will not likely spawn a confirmation dialog // But it will make certain that the page is not cached through the browser.
bobincebobince 537k111111 gold badges672672 silver badges844844 bronze badges 3 @bobince, Thanks! I am going to preserve this in mind if I have any issues with Net proxies, but my "team" keeps me absolutely on the entrance-close and provides me no access to your headers.
I discovered the web.config route valuable (attempted to insert it to The solution but doesn't appear to have been approved so putting up here)
of caching. Every hit for the page will generate a request to your server, Even when you're just serving the same page all of the time. That could necessarily mean a significant rise in server load, which a giant site (or even a rinky-dink Net server) would find undesirable.
Conversely, the shorter the information's shelf life, the more likely that caching will truly get in just how and hold individuals from obtaining the most up-to-day content.
with this Resolution back again click is permit on every page and disable only just after logout on Every page within the same browser.
Sending the same header twice or in dozen parts. Some PHP snippets out there in fact replace former headers, causing only the last 1 currently being sent.
The approved reply is correct in which headers needs to be set, but not in how they have click here to be established. In this manner works with IIS7:
For anyone who is utilizing MVC4+ bundling and minification, you'll be wanting to maintain the default cache durations for scripts and stylesheets (very long durations, Because the cache will get invalidated based on a change to a unique URL, not based on time).
I haven't tried out it nonetheless, even so the OP's location (placing the headers during the ASP page itself) is most likely better.