Cached data on the client, can still be accessible after logout

Question

I have the following action method, which cache the data on the client for around 300 seconds:

[CheckUserPermissions(Model = "Admin")]
[OutputCache(CacheProfile = "short", Location = OutputCacheLocation.Client, VaryByHeader = "X-Requested-With")]
public ActionResult SystemInfo(int page = 1,bool forTechAudit=false)
{

But if user logout from the application using the following action method:-

public ActionResult LogOff2()
{
    // WebSecurity.Logout();
    FormsAuthentication.SignOut();
    return RedirectToAction("Index", "Home");
}

The cached data from the action method can still be accessible, so if a user navigate to the action method after logout, he will get the cached data and it will shows that he is still logged in. Can anyone advice what are the options to avoid this, so after loggin out cached data should not be accessable? And why by default this is being handled by the MVC framework ?

Thanks

try this.. this.Response.Cache.SetExpires(DateTime.UtcNow.AddMinutes(-1)) this.Response.Cache.SetCacheability(HttpCacheability.NoCache) this.Response.Cache.SetNoStore() — Rifaj, Jan 24 '14 at 09:11
but i do not want to disable the cache for the entire application, because on some action methods i have defined a cache profile , and i need to keep these caching . your approach will disable the cache for the entire solution , which i want to avoid. can you advice ? — John John, Jan 24 '14 at 09:51
i added the following to my logout action method :- FormsAuthentication.SignOut(); Session.Abandon(); // clear authentication cookie HttpCookie cookie1 = new HttpCookie(FormsAuthentication.FormsCookieName, ""); cookie1.Expires = DateTime.Now.AddYears(-1); Response.Cookies.Add(cookie1); but still the same issue is happening and user can still navigate the system after logiing out. — John John, Jan 24 '14 at 10:31

Cached data on the client, can still be accessible after logout

0 Answers0