Prevent Browser Back Button Cache

prevent browser back button cache

Thanks guys for helping me out but i found a way that force the browser to prevent cache and i have used the below code :

header("Cache-Control: no-cache, no-store, must-revalidate"); // HTTP 1.1.
header("Pragma: no-cache"); // HTTP 1.0.
header("Expires: 0 "); // Proxies.

here is the reference :
Making sure a web page is not cached, across all browsers
and its working pretty good.

Disable webpage caching for browser forward/back buttons

I found out that the best solution is the following filter:

import java.io.IOException;
import javax.faces.application.ResourceHandler;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/**
 * Servlet Filter implementation class NoCacheFilter
 */
  @WebFilter(urlPatterns = {"*.xhtml"})
  public class NoCacheFilter implements Filter {

/**
 * Default constructor. 
 */
public NoCacheFilter() {
    // TODO Auto-generated constructor stub
}

/**
 * @see Filter#destroy()
 */
public void destroy() {
    // TODO Auto-generated method stub
}

/**
 * @see Filter#doFilter(ServletRequest, ServletResponse, FilterChain)
 */

@Override
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
    HttpServletRequest req = (HttpServletRequest) request;
    HttpServletResponse res = (HttpServletResponse) response;

    // apply no caching for all web pages except resources, you can customize that to be applied for specific pages
    if (!req.getRequestURI().startsWith(req.getContextPath() + ResourceHandler.RESOURCE_IDENTIFIER)) { // Skip JSF resources (CSS/JS/Images/etc)
        res.setHeader("Cache-Control", "no-cache, no-store, must-revalidate"); // HTTP 1.1.
        res.setHeader("Pragma", "no-cache"); // HTTP 1.0.
        res.setDateHeader("Expires", 0); // Proxies.
    }

    chain.doFilter(request, response);
}
/**
 * @see Filter#init(FilterConfig)
 */
public void init(FilterConfig fConfig) throws ServletException {
    // TODO Auto-generated method stub
}

}

according to the answer in this question:

Redirect to login page when user clicks on back button after logout in JSF

easiest way to prevent the back button of your browser from showing secure data after a user logs out?

Here's a useful browser caching guide.

You want to set the cache-control and expiration date headers (setting a date in the past), e.g.

 Cache-Control: no-cache
 Expires: Fri, 31 Dec 1998 12:00:00 GMT

Prevent safari loading from cache when back button is clicked

Your problem is caused by back-forward cache. It is supposed to save complete state of page when user navigates away. When user navigates back with back button page can be loaded from cache very quickly. This is different from normal cache which only caches HTML code.

When page is loaded for bfcache onload event wont be triggered. Instead you can check the persisted property of the onpageshow event. It is set to false on initial page load. When page is loaded from bfcache it is set to true.

Kludgish solution is to force a reload when page is loaded from bfcache.

window.onpageshow = function(event) {
    if (event.persisted) {
        window.location.reload() 
    }
};

If you are using jQuery then do:

$(window).bind("pageshow", function(event) {
    if (event.originalEvent.persisted) {
        window.location.reload() 
    }
});

Disable browser 'Back' button after logout?

Finally found the solution:

from django.views.decorators.cache import cache_control

@cache_control(no_cache=True, must_revalidate=True)
def func()
  #some code
  return

This will force the browser to make request to server.

How to prevent browser page caching in Rails

I finally figured this out - http://blog.serendeputy.com/posts/how-to-prevent-browsers-from-caching-a-page-in-rails/ in application_controller.rb.

After Ruby on Rails 5:

class ApplicationController < ActionController::Base

  before_action :set_cache_headers

  private

  def set_cache_headers
    response.headers["Cache-Control"] = "no-cache, no-store"
    response.headers["Pragma"] = "no-cache"
    response.headers["Expires"] = "Mon, 01 Jan 1990 00:00:00 GMT"
  end
end

Ruby on Rails 4 and older versions:

class ApplicationController < ActionController::Base

  before_filter :set_cache_headers

  private

  def set_cache_headers
    response.headers["Cache-Control"] = "no-cache, no-store"
    response.headers["Pragma"] = "no-cache"
    response.headers["Expires"] = "Mon, 01 Jan 1990 00:00:00 GMT"
  end
end

Related Topics

PHP Array, Are Array Indexes Case Sensitive

Mysqli Query Doesn't Work Twice

How to Get a List of Databases

PHP Pass Data with Redirect

Strtolower() for Unicode/Multibyte Strings

How to Apply Url Normalization Rules in PHP

$_Post Empty on Utf-8 Characters

Insert Value List Does Not Match Column List: 1136 Column Count Doesn't Match Value Count

PHP Readfile() Adding Extra Bytes to Downloaded File

Multidimensional Arrays Nested to Unlimited Depth

Extending Session Timeout in PHP via the .Htaccess

Call to Undefined Function Password_Hash()

Hide Added to Cart Message in Woocommerce

Fatal Error: Uncaught Argumentcounterror: Too Few Arguments to Function

Edit .Htaccess with PHP

Pdo Returning Error "Could Not Find Driver" with a Known Working Dsn

Set_Error_Handler() Doesn't Work for Fatal Error

Crypt for Password Hashing. Blowfish Produces Weird Output


Leave a reply



Submit