Thursday, April 23, 2009

Dealing with Back Button and Secured Applications

Today, during development of the project I am currently assigned to, the client reported a really tricky bug. In our system we are using ASP.NET 2.0, and sometimes we make Ajax calls to improve the performance of the application and to avoid full postbacks when only a very small piece of information actually changes.

The problem with that approach was that when the user interacted with one of the Ajax-enabled pages, navigated to another page in the system and then clicked the back button, the page was restored to its original state and the changes made with JavaScript were lost, because the page was served from the browser cache and not from the server.

The other problem related to the same issue was that once a user had logged in, navigated through some pages and then logged out, pressing the back button in the browser brought those pages back, and that represented a potential security hole in the system, since protected content stayed visible after the session had ended.

In ASP.NET, in the Page_Load event of your page (the master page could be a better place to put it), you can try this:

//Turn off cache
Response.Cache.SetCacheability(HttpCacheability.ServerAndNoCache);

And please, do yourselves a favor and add this line as well!

Response.Cache.SetNoStore();

Some browsers ignore a plain no-cache directive when restoring a page with the back button, but they do honor no-store.
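The two calls above are easy to forget on a page that is added later, so a practical way to apply them is an HttpModule that sets the headers on every response for an authenticated user, paired with a logout page that actually ends the session. The following is an added example written for this post, not code from the original article; the class name NoStoreForAuthenticatedModule and the Logout page are assumptions. It uses HttpCacheability.NoCache instead of the ServerAndNoCache shown above, because a page that belongs to a logged-in user should not be output-cached on the server either.

```csharp
// Added example (not from the original post). Register the module in web.config:
//   <system.web><httpModules>
//     <add name="NoStoreForAuthenticated" type="NoStoreForAuthenticatedModule"/>
//   </httpModules></system.web>
using System;
using System.Web;
using System.Web.Security;

public class NoStoreForAuthenticatedModule : IHttpModule
{
    public void Init(HttpApplication app)
    {
        // PostAuthenticateRequest fires after the forms-auth ticket has been
        // read, so Request.IsAuthenticated is reliable at this point.
        app.PostAuthenticateRequest += OnPostAuthenticateRequest;
    }

    private static void OnPostAuthenticateRequest(object sender, EventArgs e)
    {
        HttpApplication app = (HttpApplication)sender;
        if (!app.Context.Request.IsAuthenticated)
        {
            return; // public pages may still be cached normally
        }

        HttpCachePolicy cache = app.Context.Response.Cache;

        // Cache-Control: no-cache, plus Pragma: no-cache and Expires: -1.
        // NoCache (rather than ServerAndNoCache) also disables server-side
        // output caching for this response.
        cache.SetCacheability(HttpCacheability.NoCache);

        // Cache-Control: no-store. This is the directive the post insists on,
        // and the one browsers honor when deciding whether the back button may
        // restore the page from cache.
        cache.SetNoStore();

        // Ask every cache between the server and the browser to revalidate.
        cache.SetRevalidation(HttpCacheRevalidation.AllCaches);

        // An already-expired date for HTTP/1.0 caches that ignore Cache-Control.
        cache.SetExpires(DateTime.UtcNow.AddDays(-1));
    }

    public void Dispose() { }
}

// Logout.aspx.cs (assumed page name): ends the session before redirecting, so
// that even a page the browser still shows cannot reach protected resources.
public partial class Logout : System.Web.UI.Page
{
    protected void Page_Load(object sender, EventArgs e)
    {
        FormsAuthentication.SignOut();   // removes the forms-authentication cookie
        Session.Abandon();               // drops the server-side session state
        Response.Redirect(FormsAuthentication.LoginUrl, true);
    }
}
```

With the module in place, pressing the back button after logout makes the browser request the page again, and since the ticket and session are gone the request is sent to the login page instead of showing stale content. The same headers also fix the first problem in this post: an Ajax-modified page is no longer restored from cache, so the user sees the current server state rather than a mix of old HTML and lost JavaScript changes.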

I found a post that says that using the beforeunload event the page will be forced to reload its content from the server, but it does not seem to work.

More information about this particular issue can be found here:

http://www.hunlock.com/blogs/Mastering_The_Back_Button_With_Javascript