Disable Browser Caching in ASP.NET

If your ASP.NET application requires users to log in to access their data, consider adding code that tells the client browser not to cache your web app’s pages.

For example:
Say Bert logs into your web application (via username/password), then he goes to certain pages of the application that contain confidential information. After some time, Bert logs out of your web application and walks away from the computer.

After Bert is gone, Ernie takes the driver seat of the same computer that Bert was on and opens up the same browser. If Ernie were to open the browser’s history (cache), Ernie would be able to view Bert’s confidential pages.

To keep this problem from occurring, I added the following code to my application’s .MASTER page:

        protected void Page_Load(object sender, EventArgs e)
        {
            //Tell the client browser to not store cached pages of this app.
            Response.AddHeader("Cache-Control", "no-cache, no-store, max-age=0, must-revalidate");            
        }
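
The same policy can be applied to every authenticated response, including handlers and pages that do not use the master page, from an HTTP module. This is an added example, not code from the original post: the class name `NoStoreAuthenticatedModule` is hypothetical, and the `Pragma` and `Expires` headers are an addition for HTTP/1.0 caches that ignore `Cache-Control`.

```csharp
using System;
using System.Web;

// Added example: sends the post's Cache-Control value on every response
// served to a logged-in user, not only on pages built from the master page.
// The class name is hypothetical.
public sealed class NoStoreAuthenticatedModule : IHttpModule
{
    public void Init(HttpApplication app)
    {
        // PostAuthenticateRequest fires once ASP.NET has set HttpContext.User,
        // and before any response headers have been flushed to the client.
        app.PostAuthenticateRequest += OnPostAuthenticateRequest;
    }

    private static void OnPostAuthenticateRequest(object sender, EventArgs e)
    {
        HttpContext context = ((HttpApplication)sender).Context;

        // Anonymous responses (login page, public content) stay cacheable.
        if (context.User == null ||
            context.User.Identity == null ||
            !context.User.Identity.IsAuthenticated)
        {
            return;
        }

        HttpResponse response = context.Response;

        // Same header value as the master-page code in the post.
        response.AppendHeader("Cache-Control",
            "no-cache, no-store, max-age=0, must-revalidate");

        // Assumption beyond the post: HTTP/1.0 equivalents for older
        // browsers and intermediaries that do not honor Cache-Control.
        response.AppendHeader("Pragma", "no-cache");
        response.AppendHeader("Expires", "0");
    }

    public void Dispose()
    {
        // No unmanaged resources to release.
    }
}
```

Register the module under `<system.webServer><modules>` in web.config (IIS integrated pipeline), and drop the `Page_Load` line so the header is set in one place only.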