All,
Did anybody see this strange effect? The web application is written in C#,
ASP.NET, SQL, T-SQL, etc. A pretty usual stuff, complicated enough, but
works fine until...
Here is a question. I don't see any problem if I start this app on my local
computer against my local IE both in debug or release modes. If I upload the
same app to my corporate server where it works under HTTPS here are a few
possible ways.
1. It works just great if the Advanced Internet option "Do not save
encrypted pages to disk" is checked on.
2. If I uncheck this option then it still works if I run it on my local IIS
against my local IE,
3. ... but if I run this app against my corporate server with my local IE
then here is a very interesting bug. I'm able to login as one client using
his login/password, then I can click the Backspace button, get the login
page again, enter another login/password, then click OK and get the page
belonging to the first patient like it was already stored in some buffer and
returned back to me. All pages and the whole app are configured to ignore
the cache, all aspx pages are having this tag:
<meta http-equiv="CACHE-CONTROL" content="NO-CACHE">
No results at all! What's going on? Is the operating system too stupid to
cache pages inside one session and ignore all settings made right in the
program code? It doesn't happen if I call new pages one by one, the app is
written so that it generates a new URL every time when it's called
especially to prevent any type of caching, any type of caching is excluded
to protect the privacy, but I can do nothing to the return back feature.
This bug kills the whole security. Why IIS is so crazy to return the page
from some cache in place of a new calculated page according to the new
combination login/password? Any ideas how to avoid this issue? The operating
system on the server is Windows 2000 Advanced Server. My local system where
this issue doesn't appear is Windows XP Pro. If I connect to the remote
server ragardless of the machine and/or operating system I'm receiving this
issue. But why? If I check the option mentioned above in - "Do no save
encrypted pages to disk" it works great. A new M$ hole or something?
I also see in debugger that if I click the Backspace button the previous
page "supposes" that there were no a postback and executes a short schema
skipping the if (!IsPostBack){} . Maybe I should play with it closer? Did
anybody see this kind of issues and what was the solution?
Just D. 9 2141
Hi,
Text inline.
"Just D." <no@spam.please > wrote in message
news:gjxTe.7163 3$Ji4.70484@fed 1read03... Here is a question. I don't see any problem if I start this app on my local computer against my local IE both in debug or release modes. If I upload the same app to my corporate server where it works under HTTPS here are a few possible ways.
1. It works just great if the Advanced Internet option "Do not save encrypted pages to disk" is checked on. 2. If I uncheck this option then it still works if I run it on my local IIS against my local IE,
What error you see when uploaded to the server?
3. ... but if I run this app against my corporate server with my local IE then here is a very interesting bug. I'm able to login as one client using his login/password, then I can click the Backspace button, get the login page again, enter another login/password, then click OK and get the page belonging to the first patient like it was already stored in some buffer and returned back to me. All pages and the whole app are configured to ignore the cache, all aspx pages are having this tag:
<meta http-equiv="CACHE-CONTROL" content="NO-CACHE">
Post the code you are using in the page, I bet this is a programming error
more than a OS matter.
Just to be sure, do a Session.Abandon () before checking the login/password
this will assure you that the previous session will be discarded.
No results at all! What's going on? Is the operating system too stupid to cache pages inside one session and ignore all settings made right in the program code? It doesn't happen if I call new pages one by one, the app is written so that it generates a new URL every time when it's called especially to prevent any type of caching, any type of caching is excluded to protect the privacy, but I can do nothing to the return back feature. This bug kills the whole security. Why IIS is so crazy to return the page from some cache in place of a new calculated page according to the new combination login/password? Any ideas how to avoid this issue? The operating system on the server is Windows 2000 Advanced Server. My local system where this issue doesn't appear is Windows XP Pro. If I connect to the remote server ragardless of the machine and/or operating system I'm receiving this issue. But why? If I check the option mentioned above in - "Do no save encrypted pages to disk" it works great. A new M$ hole or something?
Again the back button is dependand of the browser, not IIS, you have to live
with that.
I also see in debugger that if I click the Backspace button the previous page "supposes" that there were no a postback and executes a short schema skipping the if (!IsPostBack){} . Maybe I should play with it closer? Did anybody see this kind of issues and what was the solution?
When you use the "back" button the browser just load the cached document he
has, no request is made to the server, it has been like that always.
cheers,
--
Ignacio Machin,
ignacio.machin AT dot.state.fl.us
Florida Department Of Transportation
Caching occurs in 3 places when dealing with web pages: on the server, on the
client, and on an intermediate proxy server. The no-cache stuff you set only
affects the browser. It simply tells the browser to not cache the page. You
should be able to confirm that the browser is not caching the page by looking
in your temp IE directory. When you click the Back button the browser goes
there first irrelevant of anything else.
Once you have verified that the page itself is not being cached then you
need to confirm that IIS is not caching the page. You can verify this by
looking in the IIS settings for the expiration of pages. Note that setting
this globally could have a dramatic effect on performance.
Finally you need to deal with the proxy server. Chances are that your
corporate IIS box uses a proxy server but I doubt that you are running one
locally so this is probably where the problem lies. When a page request is
sent to the IIS box the proxy server will intercept the request and see if it
has a cached copy of the page (this is not affected by the no-cache option
you set). If it has a copy then it returns the copy otherwise it'll pass the
request on to IIS. To disable proxy caching you need to add some more
pragmas to your page.
In .NET you can remove the various no-cache pragmas and what not from your
page. They won't meet your need in this case. Instead use
HttpCachePolicy .SetCacheabilit y(HttpCacheabil ity.NoCache). This will force
the page to be retrieved from the server every time irrelevant of IE or proxy
settings. It does not map to no-cache.
I haven't played around with this stuff too much but that is how I
understand it. Hope it helps.
Michael Taylor - 9/7/05
"Ignacio Machin ( .NET/ C# MVP )" wrote: Hi,
Text inline.
"Just D." <no@spam.please > wrote in message news:gjxTe.7163 3$Ji4.70484@fed 1read03...
Here is a question. I don't see any problem if I start this app on my local computer against my local IE both in debug or release modes. If I upload the same app to my corporate server where it works under HTTPS here are a few possible ways.
1. It works just great if the Advanced Internet option "Do not save encrypted pages to disk" is checked on. 2. If I uncheck this option then it still works if I run it on my local IIS against my local IE,
What error you see when uploaded to the server?
3. ... but if I run this app against my corporate server with my local IE then here is a very interesting bug. I'm able to login as one client using his login/password, then I can click the Backspace button, get the login page again, enter another login/password, then click OK and get the page belonging to the first patient like it was already stored in some buffer and returned back to me. All pages and the whole app are configured to ignore the cache, all aspx pages are having this tag:
<meta http-equiv="CACHE-CONTROL" content="NO-CACHE">
Post the code you are using in the page, I bet this is a programming error more than a OS matter. Just to be sure, do a Session.Abandon () before checking the login/password this will assure you that the previous session will be discarded.
No results at all! What's going on? Is the operating system too stupid to cache pages inside one session and ignore all settings made right in the program code? It doesn't happen if I call new pages one by one, the app is written so that it generates a new URL every time when it's called especially to prevent any type of caching, any type of caching is excluded to protect the privacy, but I can do nothing to the return back feature. This bug kills the whole security. Why IIS is so crazy to return the page from some cache in place of a new calculated page according to the new combination login/password? Any ideas how to avoid this issue? The operating system on the server is Windows 2000 Advanced Server. My local system where this issue doesn't appear is Windows XP Pro. If I connect to the remote server ragardless of the machine and/or operating system I'm receiving this issue. But why? If I check the option mentioned above in - "Do no save encrypted pages to disk" it works great. A new M$ hole or something?
Again the back button is dependand of the browser, not IIS, you have to live with that.
I also see in debugger that if I click the Backspace button the previous page "supposes" that there were no a postback and executes a short schema skipping the if (!IsPostBack){} . Maybe I should play with it closer? Did anybody see this kind of issues and what was the solution?
When you use the "back" button the browser just load the cached document he has, no request is made to the server, it has been like that always.
cheers,
-- Ignacio Machin, ignacio.machin AT dot.state.fl.us Florida Department Of Transportation
Hi, When you use the "back" button the browser just load the cached document he has, no request is made to the server, it has been like that always.
Not exactly, some secure web sites don't allow to use the Backspace button
showing that the content of the page is expired. Just expiration, a
time-to-live tag or something else?
"Ignacio Machin ( .NET/ C# MVP )" <ignacio.mach in AT dot.state.fl.us > wrote
in message news:uE******** ******@TK2MSFTN GP12.phx.gbl...
Just D.
AZ
Thanks Michael,
I will try your advice:
HttpCachePolicy .SetCacheabilit y(HttpCacheabil ity.NoCache).
Sounds like a good idea. For sure we're not using any cache system on both
sides, the provider doesn't use any proxy or something, otherwise the
traffic would kill it. Anyway I asked the provider about it a couple years
ago. I'm sure that this is the IE bug, I tried Opera yesterday, almost all
controls don't work properly but the credentials work fine, so this is this
feature of the IE - "Do not save encrypted pages to disk", if it's disabled,
only then I see the issue.
Just D.
AZ.
Instead of using :
<meta http-equiv="CACHE-CONTROL" content="NO-CACHE">
Have you tried using : Response.Cache. SetNoStore ();
Juan T. Llibre
ASP.NET MVP
ASP.NET FAQ : http://asp.net.do/faq/
=============== ============
"Just D." <no@spam.please > wrote in message news:gjxTe.7163 3$Ji4.70484@fed 1read03... All,
Did anybody see this strange effect? The web application is written in C#, ASP.NET, SQL, T-SQL, etc. A pretty usual stuff, complicated enough, but works fine until...
Here is a question. I don't see any problem if I start this app on my local computer against my local IE both in debug or release modes. If I upload the same app to my corporate server where it works under HTTPS here are a few possible ways.
1. It works just great if the Advanced Internet option "Do not save encrypted pages to disk" is checked on. 2. If I uncheck this option then it still works if I run it on my local IIS against my local IE, 3. ... but if I run this app against my corporate server with my local IE then here is a very interesting bug. I'm able to login as one client using his login/password, then I can click the Backspace button, get the login page again, enter another login/password, then click OK and get the page belonging to the first patient like it was already stored in some buffer and returned back to me. All pages and the whole app are configured to ignore the cache, all aspx pages are having this tag:
<meta http-equiv="CACHE-CONTROL" content="NO-CACHE">
No results at all! What's going on? Is the operating system too stupid to cache pages inside one session and ignore all settings made right in the program code? It doesn't happen if I call new pages one by one, the app is written so that it generates a new URL every time when it's called especially to prevent any type of caching, any type of caching is excluded to protect the privacy, but I can do nothing to the return back feature. This bug kills the whole security. Why IIS is so crazy to return the page from some cache in place of a new calculated page according to the new combination login/password? Any ideas how to avoid this issue? The operating system on the server is Windows 2000 Advanced Server. My local system where this issue doesn't appear is Windows XP Pro. If I connect to the remote server ragardless of the machine and/or operating system I'm receiving this issue. But why? If I check the option mentioned above in - "Do no save encrypted pages to disk" it works great. A new M$ hole or something?
I also see in debugger that if I click the Backspace button the previous page "supposes" that there were no a postback and executes a short schema skipping the if (!IsPostBack){} . Maybe I should play with it closer? Did anybody see this kind of issues and what was the solution?
Just D.
Hi Juan,
Nice to see you outside the CH :)
cheers,
--
Ignacio Machin,
ignacio.machin AT dot.state.fl.us
Florida Department Of Transportation
"Juan T. Llibre" <no***********@ nowhere.com> wrote in message
news:ei******** ********@TK2MSF TNGP12.phx.gbl. .. Instead of using : <meta http-equiv="CACHE-CONTROL" content="NO-CACHE">
Have you tried using : Response.Cache. SetNoStore (); Juan T. Llibre ASP.NET MVP ASP.NET FAQ : http://asp.net.do/faq/ =============== ============
"Just D." <no@spam.please > wrote in message news:gjxTe.7163 3$Ji4.70484@fed 1read03... All,
Did anybody see this strange effect? The web application is written in C#, ASP.NET, SQL, T-SQL, etc. A pretty usual stuff, complicated enough, but works fine until...
Here is a question. I don't see any problem if I start this app on my local computer against my local IE both in debug or release modes. If I upload the same app to my corporate server where it works under HTTPS here are a few possible ways.
1. It works just great if the Advanced Internet option "Do not save encrypted pages to disk" is checked on. 2. If I uncheck this option then it still works if I run it on my local IIS against my local IE, 3. ... but if I run this app against my corporate server with my local IE then here is a very interesting bug. I'm able to login as one client using his login/password, then I can click the Backspace button, get the login page again, enter another login/password, then click OK and get the page belonging to the first patient like it was already stored in some buffer and returned back to me. All pages and the whole app are configured to ignore the cache, all aspx pages are having this tag:
<meta http-equiv="CACHE-CONTROL" content="NO-CACHE">
No results at all! What's going on? Is the operating system too stupid to cache pages inside one session and ignore all settings made right in the program code? It doesn't happen if I call new pages one by one, the app is written so that it generates a new URL every time when it's called especially to prevent any type of caching, any type of caching is excluded to protect the privacy, but I can do nothing to the return back feature. This bug kills the whole security. Why IIS is so crazy to return the page from some cache in place of a new calculated page according to the new combination login/password? Any ideas how to avoid this issue? The operating system on the server is Windows 2000 Advanced Server. My local system where this issue doesn't appear is Windows XP Pro. If I connect to the remote server ragardless of the machine and/or operating system I'm receiving this issue. But why? If I check the option mentioned above in - "Do no save encrypted pages to disk" it works great. A new M$ hole or something?
I also see in debugger that if I click the Backspace button the previous page "supposes" that there were no a postback and executes a short schema skipping the if (!IsPostBack){} . Maybe I should play with it closer? Did anybody see this kind of issues and what was the solution?
Just D.
Hi, Nacho.
I'm here every day...
Nice to see *you* here.
;-)
Juan T. Llibre
ASP.NET MVP
ASP.NET FAQ : http://asp.net.do/faq/
=============== ===========
"Ignacio Machin ( .NET/ C# MVP )" <ignacio.mach in AT dot.state.fl.us > wrote in message
news:%2******** ********@TK2MSF TNGP09.phx.gbl. .. Hi Juan,
Nice to see you outside the CH :)
cheers,
-- Ignacio Machin, ignacio.machin AT dot.state.fl.us Florida Department Of Transportation
"Juan T. Llibre" <no***********@ nowhere.com> wrote in message news:ei******** ********@TK2MSF TNGP12.phx.gbl. .. Instead of using : <meta http-equiv="CACHE-CONTROL" content="NO-CACHE">
Have you tried using : Response.Cache. SetNoStore ();
Juan T. Llibre ASP.NET MVP ASP.NET FAQ : http://asp.net.do/faq/ =============== ============
Just D. wrote: Thanks Michael,
I will try your advice:
HttpCachePolicy .SetCacheabilit y(HttpCacheabil ity.NoCache).
Sounds like a good idea. For sure we're not using any cache system on both sides, the provider doesn't use any proxy or something, otherwise the traffic would kill it. Anyway I asked the provider about it a couple years ago. I'm sure that this is the IE bug, I tried Opera yesterday, almost all controls don't work properly but the credentials work fine, so this is this feature of the IE - "Do not save encrypted pages to disk", if it's disabled, only then I see the issue.
Just D. AZ.
Opera/Controls - have you updated browserCaps in machine config? If
not, go to http://slingfive.com/pages/code/browserCaps/ or somewhere
similar and follow the instructions. Note that one bad one to try is
the site mentioned just above browserCaps. The updates never appeared.
Damien This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics |
by: PD |
last post by:
I am trying to stream out a PDF file via the response object and when I
execute the code it always brings up the first document that I pulled
up.Even when I step through the code, I can see the new values in
theData string array (see code below), but it serves up the first
document that I had run this code with. I streamed theData into a text
file to look at the values and it contained the appropriate ones for
the new document. Even when I...
|
by: Just D. |
last post by:
All,
Did anybody see this strange effect? The web application is written in C#,
ASP.NET, SQL, T-SQL, etc. A pretty usual stuff, complicated enough, but
works fine until...
Here is a question. I don't see any problem if I start this app on my local
computer against my local IE both in debug or release modes. If I upload the
same app to my corporate server where it works under HTTPS here are a few
possible ways.
|
by: Ed L. |
last post by:
Here's some of my current notions on pgsql performance tuning strictly as it
relates to pgsql tuning parameters in the context of a dedicated linux or
hpux server. I'm particularly focusing on the shared_buffers setting. I
invite any corrective or confirming feedback. I realize there are many
other hugely important performance factors outside this scope.
One key aspect of pgsql performance tuning is to adjust the memory ...
|
by: Sally Sally |
last post by:
I have a very basic question on the two parameters shared buffers and
effective cache size. I have read articles on what each is about etc. But I
still think I don't quite grasp what these settings mean (especially in
relation to each other). Since these two settings seem crucial for
performance can somebody explain to me the relationship/difference between
these two settings and how they deal with shared memory.
Thanks much
Sally
...
|
by: Don Kelloway |
last post by:
I'm a first-time user with PostgreSQL so please forgive my ignorance.
I've purchased (and read) Practical PostgreSQL (O'Reilly) and PostgreSQL
Essential Reference (New Riders). So far, so good. I think learning
PostgreSQL will not be as difficult as I thought it would be. I've also
been googling for the last few days, but I have a question in regards to
determining the proper size of the buffer cache parameter.
...
| |
by: sethwai |
last post by:
Hi,
I've read everything I can get my hands on and am still very
confused about the similarities and differences between
db2_mmap_read/write and concurrent i/o. It seems to me at this point
that they are virtually identical except that db2_mmap_read/write
applies at an instance level and concurrent i/o can be aplied at a
tablespace level. It seems that they both bypass the AIX file cache
and eliminate i-node locking. Is this correct?
|
by: Gwl |
last post by:
I made some test to mesure the c# read perfomance on binary file and I
made some curious discovery. Except for some minor details, the
following is the code I used to read the file:
byte buffer = new byte;
FileStream fileStream = new FileStream(fileName,
FileMode.Open,
FileAccess.Read, FileShare.None, fileStreamBufferSize,
fileOptions);
BinaryReader stream = new BinaryReader(fileStream);
|
by: MSwanston |
last post by:
Hi
I need some help with saving retreiving data from the cache, and how best to structure my code. FYI am working in VS2005/under .NET2 Framework.
Ok, we have a series of reports that get run via a report filter screen, and whilst each report is being generated, it populates a memorystream/streamwriter. This has always been done this way but I am trying to update/improve and generally speed things up.
The variables are declared as follows:...
|
by: rashao |
last post by:
I am using Postgres 8.1.4 on Linux. I am interested in calculating the following for a specific application:
How long it takes the operating system to fulfil a page demand, ie, reading the page from disk or from the OS cache to the Postgres shared buffer.
Also how long it takes the bgwriter to flush a page from the shared buffer into the OS cache or disk.
These can be averages or detailed info that I can analyze with other tools
Are...
|
by: marktang |
last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However, people are often confused as to whether an ONU can Work As a Router. In this blog post, we’ll explore What is ONU, What Is Router, ONU & Router’s main usage, and What is the difference between ONU and Router. Let’s take a closer look !
Part I. Meaning of...
|
by: Hystou |
last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can effortlessly switch the default language on Windows 10 without reinstalling. I'll walk you through it.
First, let's disable language synchronization. With a Microsoft account, language settings sync across devices. To prevent any complications,...
| |
by: Oralloy |
last post by:
Hello folks,
I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>".
The problem is that using the GNU compilers, it seems that the internal comparison operator "<=>" tries to promote arguments from unsigned to signed.
This is as boiled down as I can make it.
Here is my compilation command:
g++-12 -std=c++20 -Wnarrowing bit_field.cpp
Here is the code in...
|
by: Hystou |
last post by:
Overview:
Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows Update option using the Control Panel or Settings app; it automatically checks for updates and installs any it finds, whether you like it or not. For most users, this new feature is actually very convenient. If you want to control the update process,...
|
by: isladogs |
last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM).
In this session, we are pleased to welcome a new presenter, Adolph Dupré who will be discussing some powerful techniques for using class modules.
He will explain when you may want to use classes instead of User Defined Types (UDT). For example, to manage the data in unbound forms.
Adolph will...
|
by: TSSRALBI |
last post by:
Hello
I'm a network technician in training and I need your help.
I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs.
The last exercise I practiced was to create a LAN-to-LAN VPN between two Pfsense firewalls, by using IPSEC protocols.
I succeeded, with both firewalls in the same network. But I'm wondering if it's possible to do the same thing, with 2 Pfsense firewalls...
|
by: adsilva |
last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
|
by: 6302768590 |
last post by:
Hai team
i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated we have to send another system
| |
by: bsmnconsultancy |
last post by:
In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence can significantly impact your brand's success. BSMN Consultancy, a leader in Website Development in Toronto offers valuable insights into creating effective websites that not only look great but also perform exceptionally well. In this comprehensive...
| | |