Best IT Recipes

Clear session when logging out of MVC 4

I need to know how to clear a session when exiting MVC 4 asp.net I tried almost everything, but all in vain.

  [AllowAnonymous] public ActionResult SignOut() { Response.AddHeader("Cache-Control", "no-cache, no-store,must-revalidate"); Response.AddHeader("Pragma", "no-cache"); Response.AddHeader("Expires", "0"); Session.Abandon(); Session.Clear(); Response.Cookies.Clear(); Session.RemoveAll(); Session["Login"] = null; return RedirectToAction("Index", "Login"); }

Session.Clear ();

Session.Abandon ();
Clear Cookies
establish a Null session upon logout, etc.

but when I click the back button of the browser. it is redirected to the same account. help me how would I clear the session variable when I press the logout button. I tried each of the above one at a time, and then in a group, but the same result.

+3
asp.net-mvc-4
Jan 02 '15 at 6:19 06:19
source share
2 answers

When you click the "Back back" button, it will bring the page from the cache not from the server. But the user will not be able to perform any actions on the page displayed after the "Back" button.

If you still want the page not to display, you must delete the cache. This is the best practice. Here is the code. (Entry in Global.asax.cs file)

  protected void Application_BeginRequest() { Response.Cache.SetCacheability(HttpCacheability.NoCache); Response.Cache.SetExpires(DateTime.UtcNow.AddHours(-1)); Response.Cache.SetNoStore(); }

After writing this code, the user will not see the previous page after clicking the button.

The code written above to clear the Session object is right. No need to change anything.

+1
Jan 02 '15 at 6:26
source share

When the user clicks the back button, the browser displays a cached version of the page, which is exactly what the user saw when he first loaded this page. However, there is no contact with the server at all to show this cached version of the page. The cached version of the page will look exactly the same as when loading it, so you can see the user who was registered when the page was loaded. However, this does not mean that the user is still registered.

If you want the user not to return to the previous cached pages, the easiest way is to delete the browser history when the user logs out. You cannot do this directly, but there is a workaround that gives the same result. Run this javascript:

 var Backlen=history.length; history.go(-Backlen); window.location.href='new page url';

So, you need to return the page with this JavaScript, and where you read the 'new page url' , you need to insert the page into which you want to redirect the user when he logs out.

Of course, avoiding caching, as in Ravinder Singh's answer, is an option, but it is not recommended to avoid caching all pages by the browser.

+2
Jan 02 '15 at 9:40
source share


More articles:


All Articles