From all I've read from many web sites (unfortunately not in codeproject), you can make your ASP.NET pages protected from user's misbehavior such as pressing browser's Back button while your data entry is not yet saved, or you want to ensure the security of transactional data, in such as online banking.
But most of them are also giving you confusing or misleading information. Fo example, you have to put the code at the right event to do this. For example, in Page_Load, and this is the safest bet. Also from what I know, some websites give you "Page is expired" message. If you search this using Google, many has just given you example using Response.AppendHeader with Pragma and no-cache parameters, but this sample isn't enough for other browser such as FireFox. After some experiments, I found a simple one.
This is the code:
protected void Page_Load(object sender, EventArgs e)
{
this.Response.Expires = 0;
this.Response.AppendHeader("Pragma", "no-cache");
this.Response.Cache.SetNoStore();
}
The code above has some drawbacks:
- It doesn't check whether you should make it expire longer or not. It should be long enough if you predict that not all of your audience has quite fast bandwidth. The fact is, always assume that you have slow bandwidth in Indonesia.
- The forward button (after pressing back button) will give you the same "Page is expired". This can be quite confusing.
Is there any solution better than this? Please let me know. :)