The idea behind this trick is that the page should not be cached by the browser and reloaded every time the user access it so when you logout and try the back button of the browser instead of cached data, a request to the server would be send and it would redirect you to the login page in case this is a secured page. In order to achieve this the proper response headers should be applied so the browser would now not to cache this page.
Response Headers
Cache-Control:no-cache, no-store, must-revalidate
Expires:-1
Pragma:no-cache
As of C#/SharePoint code in case you have page with control exposing sensitive data and you would like to disable viewing it when the user logout and click on the back button then make a method:
using System; using System.Web; namespace MySPSolution { class Utils { public static void DisableBrowserCache() { HttpContext.Current.Response.Cache.SetNoStore(); HttpContext.Current.Response.Cache.SetRevalidation(HttpCacheRevalidation.AllCaches); HttpContext.Current.Response.Cache.SetCacheability(HttpCacheability.NoCache); //those bellow are set up automatically, but if not .. uncomment. //HttpContext.Current.Response.Cache.SetExpires(DateTime.UtcNow.AddYears(-1)); //HttpContext.Current.Response.AppendHeader("Pragma", "no-cache"); } } }
... then once you have the control created use the above method within the control:
namespace SPProject.ControlTemplates.YourNamespace { public partial class YourControl: UserControl { protected override void OnInit(EventArgs e) { Utils.DisableBrowserCache(); base.OnInit(e); } } }
Please note that no web browser caching would bring additional overhead for the server so use it for the pages where there is need.
Cheers