I think this is a very common topic, but I cannot solve my problem. In an application built with ASP.NET MVC 3, I use forms authentication and output caching:
    <authentication mode="Forms">
      <forms loginUrl="~/Account/LogOn" name=".CMS" protection="All" timeout="43200" cookieless="UseCookies"/>
    </authentication>
    <caching>
      <outputCacheSettings>
        <outputCacheProfiles>
          <add name="Dynamic" duration="3600" location="Client" varyByParam="id" />
        </outputCacheProfiles>
      </outputCacheSettings>
    </caching>
My LogOff action looks like this:
    public ActionResult LogOff()
    {
        _formsService.SignOut();
        return RedirectToAction("Index", "Dynamic");
    }
This action uses a simple SignOut method:
    public void SignOut()
    {
        FormsAuthentication.SignOut();
        HttpContext.Current.Session.Abandon();

        // clean auth cookie
        HttpCookie authCookie = new HttpCookie(FormsAuthentication.FormsCookieName, string.Empty);
        authCookie.Expires = DateTime.Now.AddDays(-1);
        HttpContext.Current.Response.Cookies.Add(authCookie);

        // clean session cookie
        HttpCookie sessionCookie = new HttpCookie("ASP.NET_SessionId", string.Empty);
        sessionCookie.Expires = DateTime.Now.AddDays(-1);
        HttpContext.Current.Response.Cookies.Add(sessionCookie);
    }
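But the problem is as follows:
The page http://localhost/app/dynamic/page is protected. I cannot access this page before logging in. After logging in, I can browse the page. After logging out, when I go to that page again, unfortunately I can still view its content.
When caching is enabled and I have visited such a page before, how do I prevent access to protected pages after logging out? What am I doing wrong? Should the cookies be cleaned in some other way?
Regards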
Best answer
The page is still cached. You need to add the following response header:
cache-control : no-cache
This does not actually prevent caching. The no-cache directive of the cache-control response header means that the browser
MUST NOT use the response to satisfy a subsequent request without successful revalidation with the origin server.
If you really want to prevent caching, specify the no-store directive. This tells the browser that it
MUST NOT store any part of either this response or the request that elicited it. This directive applies to both non-shared and shared caches. "MUST NOT store" in this context means that the cache MUST NOT intentionally store the information in non-volatile storage, and MUST make a best-effort attempt to remove the information from volatile storage as promptly as possible after forwarding it.
For details on cache-control and its directives, see the HTTP 1.1 specification.
Regarding c# - the problem of cleaning the browser cache and cookies on logout in ASP.NET MVC 3, we found a similar question on Stack Overflow: https://stackoverflow.com/questions/5031731/
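
One way to apply the no-store advice from the answer in ASP.NET MVC 3, shown as an added example that is not part of the original question or answer. The names NoStoreAttribute, DynamicController and Page are hypothetical, and it is assumed that the protected action currently uses the "Dynamic" output cache profile from the question.

```csharp
using System;
using System.Web;
using System.Web.Mvc;

// Hypothetical filter (not from the original post): marks the responses of
// protected actions so that caches, including the browser's own, keep no copy.
[AttributeUsage(AttributeTargets.Class | AttributeTargets.Method)]
public sealed class NoStoreAttribute : ActionFilterAttribute
{
    public override void OnResultExecuting(ResultExecutingContext filterContext)
    {
        // A child action renders into its parent's response; leave that policy alone.
        if (!filterContext.IsChildAction)
        {
            HttpCachePolicyBase cache = filterContext.HttpContext.Response.Cache;

            // Sends the no-cache directive: a stored copy must be revalidated
            // with the server before it is reused.
            cache.SetCacheability(HttpCacheability.NoCache);

            // Adds the no-store directive: the response must not be stored at all.
            cache.SetNoStore();
        }

        base.OnResultExecuting(filterContext);
    }
}

// Hypothetical controller for the protected page from the question.
[Authorize]
[NoStore] // used instead of [OutputCache(CacheProfile = "Dynamic")], which allows client caching
public class DynamicController : Controller
{
    public ActionResult Page(int id)
    {
        return View();
    }
}
```

Copies that a browser stored while the "Dynamic" profile (location="Client", duration="3600") was active can still be shown until they expire, because the new headers only affect responses sent after the change.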