Vinit Patel

Stop the browser from capturing application URLs in history

Posted on: September 25, 2009


Requirement: the browser's URL history should not be maintained, and the application cache should not reveal sensitive information.

The steps are as follows:

Disable the cache for each application page. You can use the following code in the Application_PreRequestHandlerExecute method of the global.asax file:

// Expire the response immediately
HttpContext.Current.Response.Cache.SetExpires(DateTime.UtcNow.AddDays(-1));
// Honor cache-invalidation headers sent by the client
HttpContext.Current.Response.Cache.SetValidUntilExpires(false);
// Require every cache to revalidate with the server
HttpContext.Current.Response.Cache.SetRevalidation(HttpCacheRevalidation.AllCaches);
// Mark the response as not cacheable
HttpContext.Current.Response.Cache.SetCacheability(HttpCacheability.NoCache);
// Add no-store so the response is not written to the cache at all
HttpContext.Current.Response.Cache.SetNoStore();

The cache is now disabled. To keep the URL out of the browser's URL history, use HTTPS.

Use Secure Sockets Layer (SSL) for all communications. The browser (tested with IE 6/7) will not maintain history for encrypted pages (HTTPS communications).

One problem occurs after the above steps: if the application provides a file download, it will not work. Microsoft has also confirmed this for Office documents; see http://support.microsoft.com/kb/316431. This can be solved by allowing the cache for that specific request, as follows:

a.      In the click event of the file download, clear all the previous response headers and add a new response header that allows caching, with the details below, so that whatever data is retained in the cache is also invalidated as soon as possible.

// Clear the previous response headers set in the first step above
Response.Clear();
Response.ClearHeaders();

// Add the cache header: the file may be cached, but it is stale immediately
Response.AppendHeader("Cache-Control", "max-age=0, must-revalidate");
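A check for the two header policies above, as an added example that is not part of the original post: it classifies a response's Cache-Control value and flags pages that remain cacheable or downloads that still carry no-store. It is written in Python so it can be run over captured headers; the function names, URLs and sample header values are constructed for illustration.

```python
import re

# Added example: classify what a browser cache may do with a response (RFC 9111).
_DIRECTIVE = re.compile(r'([A-Za-z0-9_-]+)\s*(?:=\s*("[^"]*"|[^,]*))?')

def parse_cache_control(values):
    """Merge Cache-Control header values into {directive: argument or None}."""
    directives = {}
    for value in values:
        for name, arg in _DIRECTIVE.findall(value):
            directives[name.lower()] = arg.strip().strip('"') or None
    return directives

def classify(headers):
    """headers: list of (name, value). Returns 'not-stored', 'revalidated' or 'reusable'."""
    cc = parse_cache_control(v for k, v in headers if k.lower() == "cache-control")
    if "no-store" in cc:
        return "not-stored"      # body must not be written to any cache
    if "no-cache" in cc:
        return "revalidated"     # may be stored, never reused without revalidation
    if (cc.get("max-age") or "").isdigit() and int(cc["max-age"]) == 0 and "must-revalidate" in cc:
        return "revalidated"     # stored, but stale immediately
    if not cc and any(k.lower() == "pragma" and "no-cache" in v.lower() for k, v in headers):
        return "revalidated"     # HTTP/1.0 fallback when Cache-Control is absent
    return "reusable"            # a cached copy can be shown without asking the server

def audit(responses):
    """responses: list of (url, is_download, headers). Returns policy violations."""
    findings = []
    for url, is_download, headers in responses:
        got = classify(headers)
        want = "revalidated" if is_download else "not-stored"
        if got != want:
            findings.append((url, want, got))
    return findings

# Constructed sample responses; URLs and header values are illustrative only.
SAMPLE = [
    ("/account/summary.aspx", False, [("Cache-Control", "no-cache, no-store"),
                                      ("Pragma", "no-cache")]),
    ("/reports/export.aspx", True, [("Cache-Control", "max-age=0, must-revalidate")]),
    ("/account/profile.aspx", False, [("Cache-Control", "private")]),
    ("/reports/invoice.aspx", True, [("Cache-Control", "no-cache, no-store")]),
]

if __name__ == "__main__":
    for url, want, got in audit(SAMPLE):
        print(f"{url}: expected {want}, got {got}")
```

The policy in audit() mirrors the post: ordinary pages must be not-stored, while download responses are expected to use the relaxed max-age=0, must-revalidate header.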
