c# - Possible way to make the page session expired in ASP MVC 3? ("Press Back Button after Logout issue" -

-

i working on mvc3 website user authentication.

i have security issue whereby want prevent user relogin pressing button after log out page.

i had research many solutions, not understand how apply project. possible in mvc3?

you not re-logging, viewing page browser cache. if try debug, see no code executed on button on browser. if try click after logging out , pressing back, redirected login page(if left default mvc3 app behavior).

there several solutions, , take:

  1. you can make custom actionfilterattribute, prevent caching on controllers, or/and actions this, apply action/controller:

    public class noclientcache : actionfilterattribute {     public override void onresultexecuting(resultexecutingcontext filtercontext)     {         filtercontext.httpcontext.response.cache.setexpires(datetime.utcnow.adddays(-1));         filtercontext.httpcontext.response.cache.setvaliduntilexpires(false);         filtercontext.httpcontext.response.cache.setrevalidation(httpcacherevalidation.allcaches);         filtercontext.httpcontext.response.cache.setcacheability(httpcacheability.serverandnocache);         filtercontext.httpcontext.response.cache.setnostore();          base.onresultexecuting(filtercontext);     } }

  2. you can force refresh after logout executed triggering browser client-side

    history.go(1);

added: if logging out single location, should go first approach, if logout button on layout page, bad disable caching on pages, 2nd approach seems way go.


Comments

Post a Comment

Popular posts from this blog

django - How can I change user group without delete record -

-
on website user have 1 group. , user can change group. it's made user.groups.clear() and user.groups.add(new_group) but it's not efficient, because there 2 sql query: delete, insert. how can change group update query? user , group related each other using manytomanyfield . means intersection table exists relating both entities, , if don't specify model map (using through attribute) django creates 1 you. looking @ sources django.contrib.auth.models see that's case. fortunatly, can access intermediary model using through attribute of manager (in case, user.groups.through ). can use regular model. example: >>> alice = user.objects.create_user('alice', 'alice@example.com', 'alicepw') >>> employee = group.objects.create(name='employee') >>> manager = group.objects.create(name='manager') >>> alice.groups.add(employee) >>> alice.groups.all() [<group: employee...
Read more

java - Need to add SOAP security token -

-
i need set custom soap header attribute on jax-ws generated webservice client. case webservice calls must go through proxy server requiring specific token (recieved web request header) present in soap request header. e.g.: 1 carserviceservice service = null; 2 service = new carserviceservice(new url(url), new qname(qname); 3 carserviceendpoint port = service.getcarserviceport(); it seems in line 3 wsdl retrieved , call fails due missing security token. 1 point direction on how done? a detailed example has been mentioned here: creating , deploying jax-ws web service on tomcat 6 this article shows how create , use security token .
Read more

java - EclipseLink JPA Object is not a known entity type -

-
i have strange problem eclipselink , object want persist. have 1 object (keypointlistimpl) stores object keypointimpl in list. persisting keypointimpl objects works great if try persist keypointlistimpl object java.lang.illegalargumentexception says object keypointimpl isn't known entity type. here keypointimpl code: @entity @table(name="keypoints") public class keypointimpl implements keypoint { @id @generatedvalue(strategy = generationtype.identity) private int id; @enumerated(enumtype.string) private detectortype keypointtype; private float x; private float y; private float size; private float angle; private float response; private int octave; private int classid; ... } here keypointlistimpl code: @entity @table(name="keypointlists") public class keypointlistimpl implements keypointlist { @id @generatedvalue(strategy = generationtype.identity) private int id; @onetoone(cascade={ca...
Read more