Browser Back button Issue iasp.net MVC4

Question

I’m using following line of code to disable the browser back button problem after logout using asp.net MVC4.

[OutputCache(NoStore = false, Duration = 0, VaryByParam = "None")] 
        public ActionResult Logout()
        {
            try
            {
                if (Session["username"] != null)
                {
                    Session.Abandon();
                    Session.Clear();
                    Session.RemoveAll();
                    Session["username"] = null;
                    Response.Cache.SetCacheability(HttpCacheability.NoCache);
                    Response.Cache.SetExpires(DateTime.UtcNow.AddHours(-1));
                    Response.Cache.SetNoStore();
                    return RedirectToAction("Index", "AdminPanel");
                }

               return RedirectToAction("Error", "Home");
            }
            catch (Exception e)
            {
                return RedirectToAction("Error", "Home");
            }
        }

But, there is one problem with this code, supposing I’ve three page first is login page(Index.cshtml) and second successfully logged in page(home.cshtml) and third page is about page (about.cshtml), now I do login then it will redirect me on home.cshtml page now that I move on the third page about.cshtml and after that I do logout from about.cshtml page, it redirects me on login.cshtml page. And now if I clicked on browser back button then redirects me on about.cshtml page again but there user couldn’t change or add anything. So let me know is there any appropriate code or method to resolved this problem.

Answer 1

If you place this in your controller method that renders about.cshtml, it will work as you describe:

Response.Cache.SetCacheability(HttpCacheability.NoCache);
Response.Cache.SetExpires(DateTime.UtcNow.AddHours(-1));
Response.Cache.SetNoStore();

Not quite ideal, but puts you on the right track. Basically the browser is caching the about.cshtml from the time they were logged in. Telling the logout method not to cache the response doesn't do much since it performs a redirect rather than a render.