如何在註銷後防止瀏覽器後退按鈕Aspnet Core

Question

我有一個aspnet核心網站，使用cookie身份驗證。 當我註銷時，然後當我點擊瀏覽器的後退按鈕時，我導航到最後一個網頁，我不想要那個，我不想讓用戶重定向到登錄頁面再次驗證。

我startup.cs

public void ConfigureServices(IServiceCollection services) 
     { 
      .... 
      services.AddIdentity<ApplicationUser, ApplicationRole>(
      config => 
      { 
       config.User.RequireUniqueEmail = true; 
       config.SignIn.RequireConfirmedEmail = true; 
       config.Password.RequiredLength = 8; 
       config.Cookies.ApplicationCookie.LoginPath = "/Home/Login"; 
      }) 
      .AddEntityFrameworkStores<DbContext>() 
      .AddDefaultTokenProviders(); 
     ...... 
     } 

我controller.cs

public class HomeController : Controller 
    { 
     ..... 
     private readonly string _externalCookieScheme; 
     .... 


     public HomeController(
      ..... 
      IOptions<IdentityCookieOptions> identityCookieOptions, 
      .....) 
     { 
      .... 
      _externalCookieScheme = identityCookieOptions.Value.ExternalCookieAuthenticationScheme; 
      .... 

     } 




     [HttpGet] 
     [AllowAnonymous] 
     public async Task<IActionResult> Login() 
     { 
      // Clear the existing external cookie to ensure a clean login process 
      await HttpContext.Authentication.SignOutAsync(_externalCookieScheme); 
      return View(); 
     } 

     [HttpPost] 
     [ValidateAntiForgeryToken] 
     public async Task<IActionResult> LogOff() 
     { 
      await HttpContext.Authentication.SignOutAsync(_externalCookieScheme); //don´t remove the cookie 
      _logger.LogInformation(4, "User logged out."); 
      return RedirectToAction(nameof(HomeController.Login), "Home"); 
     }  
} 

我是缺少在這裏？

此致敬禮。

jolynice

Answer 1

您需要設置Cache-Control標頭。對於單個頁面或控制器，您可以像這樣設置標題：

[ResponseCache(Location = ResponseCacheLocation.None, NoStore = true)] 

如果這樣不起作用，請確保標題未被覆蓋。你可以在我的博客文章中找到詳細的解釋：How To Prevent the Back Button after Logout in ASP.NET Core MVC。