Remove cache from browser after user logs out

You have an ASP.NET web site that forces a user to sign in prior to using the web site. After the user logs out, you do not want anyone to be able to open cached web pages (i.e. navigate through the browser history) that the user previously browsed.

One solution that I have found to work well for Firefox3, IE7, and Chrome7 is to add Response Headers to the web site’s Master Page that will inform the client browser to not cache any of the pages.

Add the following event handler to the Master Page:

protected void Page_Load(object sender, EventArgs e)
{
    // Tell the browser not to store or reuse any page that uses this Master Page.
    Response.AddHeader("Cache-Control", "no-cache, no-store, max-age=0, must-revalidate");
}

Note that the response header above is the only thing I added for cache control and it does the job. However, I often see Pragma and Expires response headers being used on other websites.

For example, here are response headers that I have seen used in Gmail:

Content-Type: text/html; charset=UTF-8
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Date: Tue, 02 Nov 2010 16:38:15 GMT
x-dns-prefetch-control: off
Content-Encoding: gzip
Transfer-Encoding: chunked
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Server: GSE

I’m not sure if the Pragma: and Expires: headers are used for older browsers and/or other newer browsers. Let me know if you have details on this.

I, personally, like to implement the minimum amount of code to solve a problem and I’ve never (yet) had a case where the Response.AddHeader noted at the top wasn’t sufficient.
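To confirm what a deployed page actually sends, here is a small header check in Python. It is an added example, not code from the original post, and the function names and the WEAK sample are made up for illustration. It audits the Cache-Control directives separately from Pragma and Expires, which are the HTTP/1.0-era headers read by caches that do not understand Cache-Control.

```python
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime

# Header set by the Master Page handler on this page, and a constructed weak response.
PAGE = "Cache-Control: no-cache, no-store, max-age=0, must-revalidate"
WEAK = "Content-Type: text/html\nCache-Control: private, max-age=600"  # constructed

def parse_headers(raw):
    """Turn a raw 'Name: value' block into a dict keyed by lower-cased name."""
    headers = {}
    for line in raw.strip().splitlines():
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return headers

def directives(headers):
    """Split Cache-Control into {directive: value or None}."""
    out = {}
    for part in headers.get("cache-control", "").split(","):
        key, _, val = part.strip().partition("=")
        if key:
            out[key.lower()] = val.strip('"') or None
    return out

def audit(raw):
    """Return findings; an empty list means browsers must not store or reuse the page."""
    cc = directives(parse_headers(raw))
    findings = []
    if "no-store" not in cc:
        findings.append("no-store missing: a copy may stay in the browser cache")
    if "no-cache" not in cc and cc.get("max-age") != "0":
        findings.append("stored copy may be shown without asking the server")
    return findings

def has_http10_fallback(raw, now=None):
    """True if Pragma/Expires also forbid reuse for caches that ignore Cache-Control."""
    headers = parse_headers(raw)
    if "no-cache" in headers.get("pragma", "").lower():
        return True
    if "expires" not in headers:
        return False
    try:
        expires = parsedate_to_datetime(headers["expires"])
    except (TypeError, ValueError):
        return True  # an unparsable date such as "0" or "-1" counts as already expired
    if expires.tzinfo is None:
        expires = expires.replace(tzinfo=timezone.utc)
    return expires <= (now or datetime.now(timezone.utc))
```

Paste the response headers from the browser's developer tools into `audit()` for any page behind the login; an empty list means the Cache-Control header is doing its job.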
