I know this is a popular question in stackoverflow. I have gone through every same question and I am unable to find the right answer for me. This is my log out controller Action Result
[Authorize]
public ActionResult LogOut(User filterContext)
{
Session.Clear();
Session.Abandon();
Session.RemoveAll();
Response.Cache.SetCacheability(HttpCacheability.NoCache);
Response.Cache.SetExpires(DateTime.UtcNow.AddHours(-1));
Response.Cache.SetNoStore();
FormsAuthentication.SignOut();
return RedirectToAction("Home", true);
}
It didn't work for me. I also tried adding-
<meta http-equiv="Cache-Control" content="no-cache" />
<meta http-equiv="Pragma" content="no-cache"/>
<meta http-equiv="Expires" content="0"/>
none of these resolved my issue.
The problem with your approach is that you are setting it where it is already too late for MVC to apply it. The following three lines of your code should be put in the method that shows the view (consequently the page) that you do not want to show.
Response.Cache.SetCacheability(HttpCacheability.NoCache);
Response.Cache.SetExpires(DateTime.UtcNow.AddHours(-1));
Response.Cache.SetNoStore();
If you want to apply the "no cache on browser back" behavior on all pages then you should put it in global.asax.
protected void Application_BeginRequest()
{
Response.Cache.SetCacheability(HttpCacheability.NoCache);
Response.Cache.SetExpires(DateTime.UtcNow.AddHours(-1));
Response.Cache.SetNoStore();
}