0

I am working on a logout method for an MVC application and I ran into a problem. Every time I log out, the application checks the user authentication and returns them to the login page.

Logout method:

    [HttpGet]
    [CustomAuthorize]
    public ActionResult Logout()
    {
        //Response.Cache.SetExpires(DateTime.Now);
        FormsAuthentication.SignOut();
        Session.Clear();
        Session.Abandon();
        Session.RemoveAll();
        return RedirectToAction("Index", "Home");
    }

The pages used after logging in all have the [CustomAuthorize] attribute.

Using MS Edge browser, if I click the Back button, the program goes through the CustomAuthorize method and if the user is logged out, it just returns them to the Login page as intended.

However, if I use any other browser (Chrome, Firefox), pressing the Back button just goes back to the previous page where I pressed the Logout button without even going through the CustomAuthorize to check the Authorization.

What could be the cause for this and what could be a possible solution to resolve this issue?

If any more information is needed, just let me know.

Thank you.

Justas

Precigus
  • 1
  • 3

1 Answer

1

You need to disable caching globally:

    protected void Application_BeginRequest()
    {
        Response.Cache.SetCacheability(HttpCacheability.NoCache);
        Response.Cache.SetExpires(DateTime.UtcNow.AddHours(-1));
        Response.Cache.SetNoStore();
    }

Ravi
  • 408
  • 7
  • 22
  • Globally disabling cache is a workaround, which is not acceptable for me, as it is only a workaround. Is there a way to disable the cache and re-enable it when I press the Logout button which performs the sign-out? I was given a hint that this kind of action might clear the cache after logging out, which would prevent going back to the previous page via the Back button – Precigus Feb 23 '18 at 14:22
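
A narrower variant of the answer above, as an added example that is not code from the question, the answer or the comment: the same cache headers applied through an action filter, so only the pages behind a login are sent as non-cacheable. The headers have to be on the protected pages' own responses, because those are the copies the browser keeps and shows on Back. `NoBrowserCacheAttribute`, `DashboardController` and the stand-in `CustomAuthorizeAttribute` are assumed names.

```csharp
using System;
using System.Web;
using System.Web.Mvc;

// Hypothetical filter (name is an assumption): sends the answer's cache headers
// only for the controllers or actions it decorates, not for every request.
[AttributeUsage(AttributeTargets.Class | AttributeTargets.Method)]
public sealed class NoBrowserCacheAttribute : ActionFilterAttribute
{
    public override void OnResultExecuting(ResultExecutingContext filterContext)
    {
        // Child actions render into the parent's response, which is handled
        // when the parent action's result executes.
        if (!filterContext.IsChildAction)
        {
            HttpCachePolicyBase cache = filterContext.HttpContext.Response.Cache;

            // Same three calls as in the answer's Application_BeginRequest.
            cache.SetCacheability(HttpCacheability.NoCache);
            cache.SetExpires(DateTime.UtcNow.AddHours(-1));
            cache.SetNoStore();
        }

        base.OnResultExecuting(filterContext);
    }
}

// Stand-in so the example compiles on its own; the real [CustomAuthorize]
// from the question is not shown on the page.
public class CustomAuthorizeAttribute : AuthorizeAttribute { }

// Hypothetical controller holding pages that require a login.
[CustomAuthorize]
[NoBrowserCache]
public class DashboardController : Controller
{
    public ActionResult Index()
    {
        // This response is marked no-store, so pressing Back after logout
        // makes the browser request it again and [CustomAuthorize] runs.
        return View();
    }
}
```

Public pages and static content are untouched and stay cacheable, since the filter only runs where the attribute is applied.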