By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
425,749 Members | 1,615 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 425,749 IT Pros & Developers. It's quick & easy.

How to expire an ASP.NET page?

P: n/a
Hi,

I've been searching and testing and have not yet found the answer I'm
looking for.

I have an ASP.NET (vb) application with an ecommerce function. When
the user submits the page, I DON'T want them to be able to click on the
'BACK' button and get back to the form - they may inadvertently
re-submit the page and get charged again. I WANT them to get the "Page
has expired" message.

I used to be able to do something like this with the META "Expires" tag
in classic ASP, but that doesn't seem to work with .NET.

I've tried...

Page.Response.Cache.SetCacheability(HttpCacheabili ty.NoCache)
Response.Expires = 0
Response.Cache.SetNoStore()
Response.AppendHeader("Pragma", "no-cache")

....in my Page_Load but the most they've been able to do is clear out
the form. They will not force the "Page is expried", which is what I
want.

Can someone please give me the definitive answer on manually expiring a
web form page in ASP.NET?

Thanks,

ShusteS

Jul 20 '06 #1
Share this Question
Share on Google+
4 Replies


P: n/a

"Scott Shuster" <sc***********@yahoo.comwrote in message
news:11**********************@m73g2000cwd.googlegr oups.com...
The things that you have already tried are legitimate, however, you must
understand that browsers still do what they want to do and cache content
locally and not respect the HTTP headers that are sent down. I'm not sure if
there is any more you can do.
Hi,

I've been searching and testing and have not yet found the answer I'm
looking for.

I have an ASP.NET (vb) application with an ecommerce function. When
the user submits the page, I DON'T want them to be able to click on the
'BACK' button and get back to the form - they may inadvertently
re-submit the page and get charged again. I WANT them to get the "Page
has expired" message.

I used to be able to do something like this with the META "Expires" tag
in classic ASP, but that doesn't seem to work with .NET.

I've tried...

Page.Response.Cache.SetCacheability(HttpCacheabili ty.NoCache)
Response.Expires = 0
Response.Cache.SetNoStore()
Response.AppendHeader("Pragma", "no-cache")

...in my Page_Load but the most they've been able to do is clear out
the form. They will not force the "Page is expried", which is what I
want.

Can someone please give me the definitive answer on manually expiring a
web form page in ASP.NET?

Thanks,

ShusteS
Jul 20 '06 #2

P: n/a
I'm guessing at the code - but try:

Response.Cache.SetExpires(DateTime.Parse(DateTime. Now.ToString()))
Response.Cache.SetCacheability(HttpCacheability.Pr ivate)
--
Regards

John Timney (MVP)
"Scott Shuster" <sc***********@yahoo.comwrote in message
news:11**********************@m73g2000cwd.googlegr oups.com...
Hi,

I've been searching and testing and have not yet found the answer I'm
looking for.

I have an ASP.NET (vb) application with an ecommerce function. When
the user submits the page, I DON'T want them to be able to click on the
'BACK' button and get back to the form - they may inadvertently
re-submit the page and get charged again. I WANT them to get the "Page
has expired" message.

I used to be able to do something like this with the META "Expires" tag
in classic ASP, but that doesn't seem to work with .NET.

I've tried...
Page.Response.Cache.SetCacheability(HttpCacheabili ty.NoCache)
Response.Expires = 0
Response.Cache.SetNoStore()
Response.AppendHeader("Pragma", "no-cache")

...in my Page_Load but the most they've been able to do is clear out
the form. They will not force the "Page is expried", which is what I
want.

Can someone please give me the definitive answer on manually expiring a
web form page in ASP.NET?

Thanks,

ShusteS

Jul 20 '06 #3

P: n/a
Hi,

Thanks for the post.

I have tried everything, including this suggestion, and the most that
it will do is clear out the form (cache) so that when the user clicks
on the BACK button, the form is empty.

Nothing I've done has actually expired the form so that the page won't
show at all, which is what I'm trying to acheive.

Thanks,

Scott Shuster
John Timney (MVP) wrote:
I'm guessing at the code - but try:

Response.Cache.SetExpires(DateTime.Parse(DateTime. Now.ToString()))
Response.Cache.SetCacheability(HttpCacheability.Pr ivate)
--
Regards

John Timney (MVP)
"Scott Shuster" <sc***********@yahoo.comwrote in message
news:11**********************@m73g2000cwd.googlegr oups.com...
Hi,

I've been searching and testing and have not yet found the answer I'm
looking for.

I have an ASP.NET (vb) application with an ecommerce function. When
the user submits the page, I DON'T want them to be able to click on the
'BACK' button and get back to the form - they may inadvertently
re-submit the page and get charged again. I WANT them to get the "Page
has expired" message.

I used to be able to do something like this with the META "Expires" tag
in classic ASP, but that doesn't seem to work with .NET.

I've tried...
Page.Response.Cache.SetCacheability(HttpCacheabili ty.NoCache)
Response.Expires = 0
Response.Cache.SetNoStore()
Response.AppendHeader("Pragma", "no-cache")

...in my Page_Load but the most they've been able to do is clear out
the form. They will not force the "Page is expried", which is what I
want.

Can someone please give me the definitive answer on manually expiring a
web form page in ASP.NET?

Thanks,

ShusteS
Jul 21 '06 #4

P: n/a
Thus wrote Scott,
Hi,

I've been searching and testing and have not yet found the answer I'm
looking for.

I have an ASP.NET (vb) application with an ecommerce function. When
the user submits the page, I DON'T want them to be able to click on
the 'BACK' button and get back to the form - they may inadvertently
re-submit the page and get charged again. I WANT them to get the
"Page has expired" message.
Generally speaking, that's impossible. The HTTP 1.1 spec clearly says:

"History mechanisms and caches are different. In particular history mechanisms
SHOULD NOT try to show a semantically transparent view of the current state
of a resource. Rather, a history mechanism is meant to show exactly what
the user saw at the time when the resource was retrieved.

By default, an expiration time does not apply to history mechanisms. If the
entity is still in storage, a history mechanism SHOULD display it even if
the entity has expired, unless the user has specifically configured the agent
to refresh expired history documents."

Many browser do handle the concepts "history list" and "local cache" as one
entity, others don't. Some even change their behavior depending on specific
Cache-Control headers or the use of HTTPS.
I used to be able to do something like this with the META "Expires"
tag in classic ASP, but that doesn't seem to work with .NET.
If whatever you've tried to achieve with a META tag worked for you in ASP,
it will work in ASP.NET as well. This is a client specific behavior.
I've tried...

Page.Response.Cache.SetCacheability(HttpCacheabili ty.NoCache)
Response.Expires = 0
Response.Cache.SetNoStore()
Response.AppendHeader("Pragma", "no-cache")
To prevent caching, the first line usually suffices.

But in an internet scenario where you have no control over your users' browsers,
this approach is bound to fail. If you want to prevent duplicate form submits,
either

a) use redirect-after-post -- after processing the form submit, use HttpResponse.Redirect()
to send the user to the next page. The browser will only record the redirect's
GET in its history, not the POST. The drawback of this approach is another
roundtrip to the client for each form submit.

b) use a synchronizer token. Each web form includes a token (e.g. a GUID
or random number) that can be used only for one form submission. If you receive
a post back with an unexpected token, you can handle the duplicate submission
as you see fit. Here's a sample implementation: http://tinyurl.com/lnx9w.
The drawback of this approach is that some browser will warn the user of
duplicate form submission, which many wrongly think of as an error message.
Thus, the user experience isn't really great: The user clicks back, thr browser
displays a warning, the user submits again away, and finally the application
displays a warning or an error after detecting the duplicate submisson --
that's not really nice.

Cheers,
--
Joerg Jooss
ne********@joergjooss.de
Jul 22 '06 #5

This discussion thread is closed

Replies have been disabled for this discussion.