注销后显示的上一页 [英] Previous page showing after logout

问题描述

当用户注销并按浏览器的后退"按钮显示浏览器历史记录中显示的页面时，我遇到了问题.我的客户不喜欢为此禁用javascript后退按钮.那么，您可以为此提供更好的解决方案吗?每个控制器的所有操作都通过检查身份验证来保护.
谢谢

Hi,
I have a problem when user logout and hit the back button of the browser the pages are showing from browser history. My client does not like to disable the back button by javascript for this. So can you provide a better solution for this? All Actions of each controller is protected by checking authentication.
Thanks

推荐答案

您需要做的是将操作呈现的内容设置为不可在客户端上缓存.单击上一步"时，它们将再次发送到您的操作(而不是缓存的内容)，并且如果您已实现 ^ ]，您将被重定向到登录页面

您可以创建一个动作过滤器，并由该过滤器设置缓存指令

http://stackoverflow.com/questions/1160105/asp-net- mvc-disable-browser-cache/1705113#1705113 [ ^ ]

然后，您只需使用filter属性标记您的控制器或动作即可应用指令.

What you need to do is set the content being rendered by the action to not be cacheable on the client. When the click Back, they will be sent to your action again (rather than the cached content) and if you''ve implemented the Authorise Attribute[^] on your actions, you will be redirected to the login page

You could create an action filter and have the cache directives set by that filter

http://stackoverflow.com/questions/1160105/asp-net-mvc-disable-browser-cache/1705113#1705113[^]

Then, you simply tag your controllers or actions with the filter attribute to apply the directives.

您应该问自己:这真的有问题吗?正如其他解决方案所指出的那样，您将看到客户端缓存的页面，因此服务器上没有负载，并且任何链接或表单(或AJAX脚本或与控制器进行通讯的任何内容)均不起作用，因此无任何作用实际上可以由注销的人完成.刷新页面还会带来一个未经身份验证的页面(无论您为此设置了什么).

您可以使用Pragma，Cache-Control和Expires标头禁用客户端缓存(在关注此类事情的浏览器中，我不确定它们都可以执行)；迪伦(Dylan)发布了一个很好的链接，说明如何使用MVC进行设置.但是，如果这样做，即使您已登录，后退按钮也会导致页面刷新/重新加载，从而使用户无法通过客户端缓存使用后退/前进.

在一些高安全性情况下，您可以证明这种行为是合理的.我非常怀疑您是否在其中任何一个方面工作，因为如果那样的话，您将不是那种在CodeProject上发布公开问题的人.因此，几乎可以肯定，我的建议是:什么也不做，这实际上不是问题.

You should ask yourself: is this actually a problem? As the other solutions state, you''re seeing client-side cached pages, so there is no load on your server, and none of the links or forms (or AJAX scripts or anything that talks to a controller) will work, so nothing can actually be done by someone who''s logged out. Refreshing the page will also bring a not-authenticated page (whatever you set up for that).

You can disable client-side caching (in browsers that pay attention to such things, I''m not sure they all do) with the Pragma, Cache-Control and Expires headers; Dylan posted a good link for how to set those with MVC. But if you do that, the back button even while you''re logged in will cause page refreshes/reloads, making it impossible for the user to use back/forward through the client-side cache.

There are a few high security situations where you can justify this behaviour. I very much doubt you''re working in any of those, because if you were then you wouldn''t be the kind of person who posts open questions on CodeProject. So, almost certainly, my advice is: don''t do anything, this is not actually a problem.

您可能正在看到缓存的页面.在用户实际使用该页面并提交内容之前，它们不会受到注销的影响.

您如何禁用缓存以及如何决定要访问哪些页面或整个站点.

You''re probably seeing the cached pages. They will not be affected by a logout until the user actually goes to use the page and submit something.

How you diable caching and for which pages or your entire site is up to you.

这篇关于注销后显示的上一页的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！