Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Programming > ASP .Net > ASP .Net Security > caching? problem with forms authentication and IE (but not Netscape?)

Reply
Thread Tools

caching? problem with forms authentication and IE (but not Netscape?)

 
 
Chuck Doucette
Guest
Posts: n/a
 
      09-22-2003
I have a web application with at least three pages:

/index.aspx (home page)
/login.aspx (login page)
/my/portfolio.aspx (private page - needs authentication)

If I attempt to go directly to the private page, I am properly
redirected to the login page. If the login is successful, I am then
redirected to the private page. Once I'm on the private page, I click
on an image button to logout, which logs me out by effectively
deleting the non-persistent authentication cookie, and then redirects
me back to the home page.

Then, when I am using IE, if I attempt to go directly to the private
page again, I can see it, or at least a cached version of it. I am not
redirected to the login page as I should be. If I push reload on the
browser, I see the login page instead, although the URL in the address
window implies that I'm still looking at the private page. However, if
I clear the temporary files in IE right before I attempt to go
directly back to the private page, then I am properly redirected to
the login page (with the correct URL displayed in the address bar).

If I use Netscape, everything appears to work fine on the first try
(unlike IE). I don't have to clear the cache.

Is this a bug in ASP.NET (server-side), IE (client-side), or a
user-error?

Do I need to explicitly disable caching on all of my private pages?
If so, should I do it like this (from the Page_Load method of my
private page)?

Response.AppendHeader("pragma","no-cache");
Response.AppendHeader("cache-control", "no-cache");

Thanks for any help or insight!

Chuck
 
Reply With Quote
 
 
 
 
Chuck Doucette
Guest
Posts: n/a
 
      09-23-2003
When I explicitly disabled client-side (browser) caching as I described below,
my application worked as expected. After I logged out, I was not able to
view the private page again but was redirected to the login page instead
(as I should be).

So, isn't this an IE bug, or is it IEs right to try to cache whatever it
wants to unless I tell it otherwise? Do I need to set some sort of expiration?

Thanks,
Chuck

http://www.velocityreviews.com/forums/(E-Mail Removed) (Chuck Doucette) wrote in message news:<(E-Mail Removed). com>...
> I have a web application with at least three pages:
>
> /index.aspx (home page)
> /login.aspx (login page)
> /my/portfolio.aspx (private page - needs authentication)
>
> If I attempt to go directly to the private page, I am properly
> redirected to the login page. If the login is successful, I am then
> redirected to the private page. Once I'm on the private page, I click
> on an image button to logout, which logs me out by effectively
> deleting the non-persistent authentication cookie, and then redirects
> me back to the home page.
>
> Then, when I am using IE, if I attempt to go directly to the private
> page again, I can see it, or at least a cached version of it. I am not
> redirected to the login page as I should be. If I push reload on the
> browser, I see the login page instead, although the URL in the address
> window implies that I'm still looking at the private page. However, if
> I clear the temporary files in IE right before I attempt to go
> directly back to the private page, then I am properly redirected to
> the login page (with the correct URL displayed in the address bar).
>
> If I use Netscape, everything appears to work fine on the first try
> (unlike IE). I don't have to clear the cache.
>
> Is this a bug in ASP.NET (server-side), IE (client-side), or a
> user-error?
>
> Do I need to explicitly disable caching on all of my private pages?
> If so, should I do it like this (from the Page_Load method of my
> private page)?
>
> Response.AppendHeader("pragma","no-cache");
> Response.AppendHeader("cache-control", "no-cache");
>
> Thanks for any help or insight!
>
> Chuck

 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Best practices for using forms authentication and security in a hosted env (was: Re: Using a Forms authentication in a shared hosting environment) JEFF ASP .Net 1 11-12-2007 07:00 PM
forms authentication -- expired forms cookie vs. not provided forms cookie Eric ASP .Net Security 2 01-27-2006 10:09 PM
Forms Authentication and Authentication Cookie rgouge ASP .Net Security 3 06-20-2005 10:09 PM
Winddows authentication AND Forms Authentication Galore ASP .Net 1 11-03-2004 06:25 AM
Forms Authentication question: How to have some pages open and some requiring forms authentication Eric ASP .Net 2 02-13-2004 02:14 PM



Advertisments