Question

I know this question has been asked before but I'm confused as to the best approach so please forgive me asking again...

I have an MVC3 application that will be an extranet, allowing users to log in, via Forms Authentication. The users will be accessing confidential information so, in order to prevent somebody from hitting Back after they log out (and I SignOut of FormsAuthentication), I have disabled all caching, forcing the redirection to the logon page.

Everything works well from a security point of view, but my problem is that I'd like to cache the non-secure elements of the page, such as images, backgrounds, logos, etc.

At the moment, each page renders with an ugly flicker, because all my artwork is being downloaded each time.

Of course, this also has a negavtive impact on bandwidth too.

How can I control the caching such that the artwork, css, scripts, etc. get cached whilst preventing the dreaded Back button after FormsAuthentication SignOut problem?

Thank you in advance,

Simon.

Was it helpful?

Solution

Assuming the images are not dynamically generated you can either do it internally via MVC or using IIS.

Internally you'd need to serve all your images and set expires by.

If your using IIS it becomes much much simpler, you just edit the expires header in the IIS Custom headers section to a date in the future (a date in the past auto expires it). If you wish to ensure an image is not cached add a query string to it 

<img src="image.png?dummy=8sn7ahh2" />

Then the image wouldn't be cached too so you basically want to cache all images and then black list (using query string) the ones you don't want cached.

Heres a nice example on how to switch it on/off for IIS7

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top