Geek Answers Handbook

IE7 Classic ASP Cache

I have a classic asp website that uses session variables to store login state i.e. userid, isloggedin etc. When you log out, the session variables are reset and Session.Abandon () is called, and then redirected to the login page. In IE7, I noticed that after logging out, I can enter the previously visited URL and see what looks like a cached version of its state before logging out. Pressing ctl-f5 will reboot from the server again and redirect to the login page. This is the behavior that I want to perform even if the URL is entered without ctl-f5. Does anyone know how to get this behavior?

+4
source share
4 answers

set no-cache headers so that pages are not cached in the first place. cm:

http://support.microsoft.com/kb/234067

+4
source

I think mkoryak responding (using headers without a cache) seems to be the best. If you want certain pages to be displayed only when a user logs in, the best way is to tell the browser not to cache the page. In addition, schemes such as setting cookies and using javascript determine the login state on the client, just reinvent the wheel.

If you want to use some caching, and your page is not something that is constantly being updated, a good compromise is setting the Response.Expires header for some value that you think is appropriate (it is measured in minutes).

+2
source

I had a similar problem before, but whenever I clicked the link on this page, she asked me to log in again.

You can try either resetting sessionID = "or sessionID =" XYZ "and making XYZ what your code ignores when you log out.

You can also try setting the no-cache headers.

+1
source

You can send a no-cache, but nonetheless a quiet performance hit, to get what you want. I prefer the Liams offer and guarantee that everything you do from this page requires you to be logged in, so no one can do anything that they donโ€™t need. What if its email system, although similar, people "can" view other people's emails that are cached, in these cases yes, and not caching sensitive information is the way to go (you cannot cache default HTTPS pages, for example) .

You can also include some javascript in your head that could check for a โ€œregisteredโ€ cookie. This will run every time they load the page, if the cookie does not exist, then JS can redirect you to the login page. Not 100% proof of a fool, but good enough. On the logout page, you must clear this cookie and your login page is set up.

0
source

More articles:


All Articles