page caching -- asp.net caching

Adam K
4/17/2005 12:00:00 AM

Dear all
I'm having a probelm concerning the security of my application.
the problem is when a user is loggoed in and then he looged out i redirect
him to the main page of my application but if he clicks on the Browser's
"back button" he could then enter to the application.
i'm removing all sessions concerning the applcation on logout but i would
like to know how could i handle the "Back button click event" of the
browser"
I know I can't handle the back button of the browser, since it is a
client-side
event.
If I disable cash ie, put
Response.Cache.SetCacheability(HttpCacheability.NoCache) in the
Page_Load event handler. This will help, but it will disable page caching.
The problem is that I need of page caching.

LOZANO-MORÁN, Gabriel
4/18/2005 12:00:00 AM

Haven't tried it out but it should look something like this.

1)
Add this to your Page_Load():
Response.Cache.SetVaryByCustom("LoggedIn");

2)
Then in the global.asax file override the GetVaryByCustomString:
public override string GetVaryByCustomString(HttpContext context, string
arg)
{
if (arg == "LoggedIn")
{
return Session["LoggedIn"];
}
}

3)
When a users logs in you set the Session variable "LoggedIn" to "true" when
you log him/her out you set the session variable to "false".

Gabriel Lozano-Morán
Software Engineer
Sogeti

[quoted text, click to view]

asp.net caching : page caching