
#1 RedYote


Preventing caching in webforms

Posted 26 June 2012 - 07:32 AM

Here's the situation. I'm working on a webform I built for my workplace. One of the areas that flagged when they tested it with a security program was that it allows caching of the webform. I was told to fix this (prevent the caching).

The basic set-up of the webform is for quotes. People fill out fields indicating name, what they want, how much it is, and hit submit. It redirects to a confirmation page, sends them an email, creates a ticket in our in-house ticket system, and stores the data in a database. Also, the webform is written in Visual Studio using C#, HTML, and ASP.NET.

I've done a bit of research on Google to prevent the caching, and these are the solutions I've tried.

In the Page_Load for the actual request page that needs to not be cached:
if (!Page.IsPostBack)
{
    Response.Cache.SetCacheability(HttpCacheability.ServerAndNoCache);
    Response.Cache.SetNoStore();
    Response.Cache.SetAllowResponseInBrowserHistory(false);
}


(Nothing changed from when I hit the back button without above code in place; I ended up commenting it out)

In the Site.Master code, also on Page_Load:

Response.ClearHeaders();
Response.AppendHeader("Cache-Control", "no-cache"); // HTTP 1.1
Response.AppendHeader("Cache-Control", "private"); // HTTP 1.1
Response.AppendHeader("Cache-Control", "no-store"); // HTTP 1.1
Response.AppendHeader("Cache-Control", "must-revalidate"); // HTTP 1.1
Response.AppendHeader("Cache-Control", "max-stale=0"); // HTTP 1.1
Response.AppendHeader("Cache-Control", "post-check=0"); // HTTP 1.1
Response.AppendHeader("Cache-Control", "pre-check=0"); // HTTP 1.1
Response.AppendHeader("Pragma", "no-cache"); // HTTP 1.0
Response.AppendHeader("Expires", "Mon, 26 Jul 1997 05:00:00 GMT"); // HTTP 1.0


This particular one adds a page in between the confirmation page and the request page when I hit the back button, warning against form resubmission, but a second click of the back button takes me to the filled-in request form.

I believe the second one is closer to what I need to prevent caching of the webform, but I'm not entirely sure.

My assumption is that by preventing caching, it should prevent me from being able to hit the back button and see all the values that were just filled out on the form. My first question: Is this assumption correct, or am I completely off?

My second question: Is it actually possible to control the caching behavior of browsers with regard to a website?

My third question: If it is possible, am I going about this the right way?

And my fourth and final question: If I am not going about this the right way, what are some resources that would be helpful in teaching me how to prevent caching?

I've been staring at Google search pages for months, sifting through page after page to try and find a solution. Any and all guidance on this matter would be greatly appreciated.
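Added example, not part of the original post: one way to apply a no-store policy to every Web Forms response, postbacks included, through the HttpCachePolicy API alone rather than a mix of Response.Cache calls and hand-appended Cache-Control headers. The names NoStore and NoStoreModule are hypothetical, and the module is assumed to be registered in web.config.

```csharp
using System;
using System.Web;
using System.Web.UI;

// Hypothetical helper (name is an assumption, not from the post).
public static class NoStore
{
    // Marks one response as not cacheable and not storable.
    public static void Apply(HttpResponse response)
    {
        HttpCachePolicy cache = response.Cache;
        cache.SetCacheability(HttpCacheability.NoCache);   // no-cache for browser and proxies
        cache.SetNoStore();                                // adds the no-store directive
        cache.SetAllowResponseInBrowserHistory(false);     // keep the past Expires value
    }
}

// Hypothetical module: applies the policy to every request served by a
// Web Forms page, on the first GET and on each postback alike, while
// leaving static files (CSS, images, scripts) cacheable.
// Assumed registration: system.webServer/modules in web.config
// (IIS integrated pipeline).
public sealed class NoStoreModule : IHttpModule
{
    public void Init(HttpApplication app)
    {
        // By this event the handler for the request has been chosen,
        // so .aspx pages can be told apart from other resources.
        app.PreRequestHandlerExecute += OnPreRequestHandlerExecute;
    }

    private static void OnPreRequestHandlerExecute(object sender, EventArgs e)
    {
        HttpContext context = ((HttpApplication)sender).Context;
        if (context.Handler is Page)
        {
            NoStore.Apply(context.Response);
        }
    }

    public void Dispose() { }
}
```

Confirm the result by inspecting the Cache-Control, Pragma and Expires response headers in the browser's network tools or with the scanner that raised the finding. HTTP treats the browser's history (Back button) mechanism separately from its cache (RFC 7234, section 6), so the headers are the thing to verify.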
