
Prevent exposing sensitive page on web browser back button click after user logout in SharePoint control

The idea behind this trick is that the page should not be cached by the browser and should be reloaded every time the user accesses it. Then, when you log out and press the browser's back button, a request is sent to the server instead of cached data being shown, and the server redirects you to the login page if the page is secured. To achieve this, the proper response headers must be applied so the browser knows not to cache the page.

 

Response Headers

Cache-Control:no-cache, no-store, must-revalidate
Expires:-1
Pragma:no-cache

As for the C#/SharePoint code: if you have a page with a control that exposes sensitive data and you want to prevent it from being viewed when the user logs out and clicks the back button, create a method:

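using System;
using System.Web;

namespace MySPSolution
{
    // Public so that controls in other namespaces or assemblies can call it.
    public static class Utils
    {
        // Marks the current response as non-cacheable so the back button triggers a new request.
        public static void DisableBrowserCache()
        {
            // Adds "no-store" to Cache-Control.
            HttpContext.Current.Response.Cache.SetNoStore();
            // Adds "must-revalidate" to Cache-Control.
            HttpContext.Current.Response.Cache.SetRevalidation(HttpCacheRevalidation.AllCaches);
            // Adds "no-cache" to Cache-Control.
            HttpContext.Current.Response.Cache.SetCacheability(HttpCacheability.NoCache);
            // The two below are set automatically; if they are not, uncomment them.
            //HttpContext.Current.Response.Cache.SetExpires(DateTime.UtcNow.AddYears(-1));
            //HttpContext.Current.Response.AppendHeader("Pragma", "no-cache");
        }
    }
}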

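... then, once you have created the control, call the above method within it:

using System;
using System.Web.UI;
using MySPSolution; // namespace of the Utils class above

namespace SPProject.ControlTemplates.YourNamespace
{
    public partial class YourControl: UserControl
    {
        protected override void OnInit(EventArgs e)
        {
            // Set the no-cache headers before the rest of the control initializes.
            Utils.DisableBrowserCache();
            base.OnInit(e);
        }
    }
}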

Please note that disabling browser caching adds overhead for the server, so use it only for the pages that need it.
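To confirm that a page really emits the headers listed under Response Headers, the check below audits a response's headers against that list. It is an added example, not part of the original post; the function names and both sample responses are constructed for illustration.

```python
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime

# Directives taken from the "Response Headers" list on this page.
REQUIRED = ("no-cache", "no-store", "must-revalidate")

def values(headers, name):
    """All values of one header; names compare case-insensitively."""
    return [v.strip() for n, v in headers if n.strip().lower() == name]

def directives(headers, name):
    """Lower-cased directive names from a comma-separated header (arguments dropped)."""
    parts = ",".join(values(headers, name)).split(",")
    return {p.split("=", 1)[0].strip().lower() for p in parts if p.strip()}

def expires_is_stale(headers, now):
    """Unparseable dates such as -1 or 0 count as already expired."""
    found = values(headers, "expires")
    for raw in found:
        try:
            when = parsedate_to_datetime(raw)
        except (TypeError, ValueError):
            continue  # invalid date: treated as expired
        if when.tzinfo is None:
            when = when.replace(tzinfo=timezone.utc)
        if when > now:
            return False
    return bool(found)

def audit(headers, now=None):
    """Return the gaps that could let the browser reuse a stored copy on Back."""
    now = now or datetime.now(timezone.utc)
    cc = directives(headers, "cache-control")
    gaps = ["Cache-Control lacks " + d for d in REQUIRED if d not in cc]
    if not expires_is_stale(headers, now):
        gaps.append("Expires is missing or in the future")
    if "no-cache" not in directives(headers, "pragma"):
        gaps.append("Pragma lacks no-cache")
    return gaps

# Constructed sample responses as (name, value) pairs, not captured traffic.
HARDENED = [("Cache-Control", "no-cache, no-store, must-revalidate"),
            ("Expires", "-1"), ("Pragma", "no-cache")]
WEAK = [("cache-control", "private, max-age=0"),
        ("Expires", "Wed, 21 Oct 2099 07:28:00 GMT")]

if __name__ == "__main__":
    for label, sample in (("hardened", HARDENED), ("weak", WEAK)):
        print(label, audit(sample) or "ok")
```

Feed it the header pairs from a response captured after logout; an empty list means the page matches the header set above.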

Cheers