caching? problem with forms authentication and IE (but not Netscape?)

[Chuck Doucette]

I have a web application with at least three pages:

/index.aspx (home page)
/login.aspx (login page)
/my/portfolio.aspx (private page - needs authentication)

If I attempt to go directly to the private page, I am properly
redirected to the login page. If the login is successful, I am then
redirected to the private page. Once I'm on the private page, I click
on an image button to logout, which logs me out by effectively
deleting the non-persistent authentication cookie, and then redirects
me back to the home page.

Then, when I am using IE, if I attempt to go directly to the private
page again, I can see it, or at least a cached version of it. I am not
redirected to the login page as I should be. If I push reload on the
browser, I see the login page instead, although the URL in the address
window implies that I'm still looking at the private page. However, if
I clear the temporary files in IE right before I attempt to go
directly back to the private page, then I am properly redirected to
the login page (with the correct URL displayed in the address bar).

If I use Netscape, everything appears to work fine on the first try
(unlike IE). I don't have to clear the cache.

Is this a bug in ASP.NET (server-side), IE (client-side), or a
user-error?

Do I need to explicitly disable caching on all of my private pages?
If so, should I do it like this (from the Page_Load method of my
private page)?

Response.AppendHeader("pragma","no-cache");
Response.AppendHeader("cache-control", "no-cache");

Thanks for any help or insight!

Chuck

[Chuck Doucette]

When I explicitly disabled client-side (browser) caching as I described below,
my application worked as expected. After I logged out, I was not able to
view the private page again but was redirected to the login page instead
(as I should be).

So, isn't this an IE bug, or is it IEs right to try to cache whatever it
wants to unless I tell it otherwise? Do I need to set some sort of expiration?

Thanks,
Chuck

[email]cdoucette@med-learn.com[/email] (Chuck Doucette) wrote in message news:<62f8bf72.0309221515.4deb072d@posting.google. com>...

> I have a web application with at least three pages:
>
> /index.aspx (home page)
> /login.aspx (login page)
> /my/portfolio.aspx (private page - needs authentication)
>
> If I attempt to go directly to the private page, I am properly
> redirected to the login page. If the login is successful, I am then
> redirected to the private page. Once I'm on the private page, I click
> on an image button to logout, which logs me out by effectively
> deleting the non-persistent authentication cookie, and then redirects
> me back to the home page.
>
> Then, when I am using IE, if I attempt to go directly to the private
> page again, I can see it, or at least a cached version of it. I am not
> redirected to the login page as I should be. If I push reload on the
> browser, I see the login page instead, although the URL in the address
> window implies that I'm still looking at the private page. However, if
> I clear the temporary files in IE right before I attempt to go
> directly back to the private page, then I am properly redirected to
> the login page (with the correct URL displayed in the address bar).
>
> If I use Netscape, everything appears to work fine on the first try
> (unlike IE). I don't have to clear the cache.
>
> Is this a bug in ASP.NET (server-side), IE (client-side), or a
> user-error?
>
> Do I need to explicitly disable caching on all of my private pages?
> If so, should I do it like this (from the Page_Load method of my
> private page)?
>
> Response.AppendHeader("pragma","no-cache");
> Response.AppendHeader("cache-control", "no-cache");
>
> Thanks for any help or insight!
>
> Chuck

[Elizebethsoumya Joseph]

Hi Chuck!
We just added the below code, and this seems to have fixed the problem for IE7.
<HEAD>
<META HTTP-EQUIV="Pragma" CONTENT="no-cache">
<META HTTP-EQUIV="Expires" CONTENT="-1">
</HEAD>