0
Answer

Caching and page access restrictions

nick 0

nick 0

20y
1.6k
1
Security dealing with page access restrictions is making me crazy. I have a private site requiring user and password logins but the computer is physically accesible by more than just that user. I have tested multiple browser for compatibility and they call cache the pages. Even after the user has logged out and i have done FormsAuthenticiation.SignOut() and Session.Abandon(). But the browser does not interact with the server when displaying a cached page. So another person could come along after they previous user has left and backup giving them a view of personal information. I have tried setting SetCacheability(HttpCacheability.NoCache) but this creates a side affect that when the real user is still logged in an tries to back up they will get a page expired error. I need to make sure that the real user and go forward and backward while still logged in and the unauthorized user from backing up to view someone elses info. Any ideas?