Asp.Net浏览器缓存、信息安全问题

废话不多说直接上代码！

第一、禁止登陆页面在浏览器端缓存

<%
        Response.Buffer = true;
        Response.ExpiresAbsolute = DateTime.Now.AddSeconds(-1);
        Response.Expires = -1;
        Response.AddHeader("pragma", "no-cache");
        Response.AddHeader("pragma", "no-store");
        Response.CacheControl = "no-cache";
%>

第二、服务器端做用户权限安全校验

protected void Page_Load(object sender, EventArgs e)
{
     if (Common.SessionManage.login)
     {
        Common.SessionManage.RemoveAll_Session();
     }

}

 

第三、安全跳转，所有需要权限校验的页面都继承BasePage

 public class LoginPage:BasePage
 {
  protected override void OnPreLoad(EventArgs e)
  {
   if (!Common.SessionManage.login)
   {
    StringBuilder sb = new StringBuilder();
    sb.Append("<script type=\"text/javascript\">");
    sb.Append("if ((window.top!=null) && (window.top.opener!=null)){alert('操作超时，请重新登录！');window.top.opener.location.href = \"/login.aspx\";window.top.close();}");
    sb.Append("else{if ((window.top!=null) && (window.top.location.href!=window.location.href)) {alert('操作超时，请重新登录！');window.top.location.href = \"/login.aspx\";} else{ alert('操作超时，请重新登录！'); window.location.href = \"/login.aspx\";}}");
    sb.Append("</script>");
    Response.Write(sb.ToString());
    Response.End();
   }
   base.OnPreLoad(e);
  }
 }