caching? problem with forms authentication and IE (but not Netscape?)

Discussion in 'ASP .Net Security' started by Chuck Doucette, Sep 23, 2003.

  1. I have a web application with at least three pages:

    /index.aspx (home page)
    /login.aspx (login page)
    /my/portfolio.aspx (private page - needs authentication)

    If I attempt to go directly to the private page, I am properly
    redirected to the login page. If the login is successful, I am then
    redirected to the private page. Once I'm on the private page, I click
    on an image button to logout, which logs me out by effectively
    deleting the non-persistent authentication cookie, and then redirects
    me back to the home page.

    Then, when I am using IE, if I attempt to go directly to the private
    page again, I can see it, or at least a cached version of it. I am not
    redirected to the login page as I should be. If I push reload on the
    browser, I see the login page instead, although the URL in the address
    window implies that I'm still looking at the private page. However, if
    I clear the temporary files in IE right before I attempt to go
    directly back to the private page, then I am properly redirected to
    the login page (with the correct URL displayed in the address bar).

    If I use Netscape, everything appears to work fine on the first try
    (unlike IE). I don't have to clear the cache.

    Is this a bug in ASP.NET (server-side), IE (client-side), or a
    user-error?

    Do I need to explicitly disable caching on all of my private pages?
    If so, should I do it like this (from the Page_Load method of my
    private page)?

    Response.AppendHeader("pragma","no-cache");
    Response.AppendHeader("cache-control", "no-cache");

    Thanks for any help or insight!

    Chuck
     
    Chuck Doucette, Sep 23, 2003
    #1
    1. Advertising

  2. When I explicitly disabled client-side (browser) caching as I described below,
    my application worked as expected. After I logged out, I was not able to
    view the private page again but was redirected to the login page instead
    (as I should be).

    So, isn't this an IE bug, or is it IEs right to try to cache whatever it
    wants to unless I tell it otherwise? Do I need to set some sort of expiration?

    Thanks,
    Chuck

    (Chuck Doucette) wrote in message news:<>...
    > I have a web application with at least three pages:
    >
    > /index.aspx (home page)
    > /login.aspx (login page)
    > /my/portfolio.aspx (private page - needs authentication)
    >
    > If I attempt to go directly to the private page, I am properly
    > redirected to the login page. If the login is successful, I am then
    > redirected to the private page. Once I'm on the private page, I click
    > on an image button to logout, which logs me out by effectively
    > deleting the non-persistent authentication cookie, and then redirects
    > me back to the home page.
    >
    > Then, when I am using IE, if I attempt to go directly to the private
    > page again, I can see it, or at least a cached version of it. I am not
    > redirected to the login page as I should be. If I push reload on the
    > browser, I see the login page instead, although the URL in the address
    > window implies that I'm still looking at the private page. However, if
    > I clear the temporary files in IE right before I attempt to go
    > directly back to the private page, then I am properly redirected to
    > the login page (with the correct URL displayed in the address bar).
    >
    > If I use Netscape, everything appears to work fine on the first try
    > (unlike IE). I don't have to clear the cache.
    >
    > Is this a bug in ASP.NET (server-side), IE (client-side), or a
    > user-error?
    >
    > Do I need to explicitly disable caching on all of my private pages?
    > If so, should I do it like this (from the Page_Load method of my
    > private page)?
    >
    > Response.AppendHeader("pragma","no-cache");
    > Response.AppendHeader("cache-control", "no-cache");
    >
    > Thanks for any help or insight!
    >
    > Chuck
     
    Chuck Doucette, Sep 23, 2003
    #2
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Eric
    Replies:
    2
    Views:
    1,523
    Tommy
    Feb 13, 2004
  2. Manuel
    Replies:
    3
    Views:
    761
    =?Utf-8?B?RXJpYyBXaWxzb24=?=
    Jan 5, 2006
  3. Paul
    Replies:
    1
    Views:
    127
    Edmond Goon
    Jun 21, 2004
  4. Eric
    Replies:
    2
    Views:
    595
  5. I.W Coetzer
    Replies:
    3
    Views:
    474
    Alexey Smirnov
    May 7, 2007
Loading...

Share This Page