Hello I am developing a solution in MVC in first time so I am facing a big issue, When I logout from my application(mvc razor web application) it displays login page, but if i press browser back button it displays last screen, i don't want this, i want if i press back button it still display same login page. here is my code for logout

public ActionResult Logout()
    {
        Session.Clear();
        Session.Abandon();
        Session.RemoveAll();

        FormsAuthentication.SignOut();


        this.Response.Cache.SetExpires(DateTime.UtcNow.AddMinutes(-1));
        this.Response.Cache.SetCacheability(HttpCacheability.NoCache);
        this.Response.Cache.SetNoStore();          

        return RedirectToAction("Login");
    }

I had this problem a while ago, disabling the cache for the entire application solved my problem, just add these line to the Global.asax.cs file

        protected void Application_BeginRequest()
        {
            Response.Cache.SetCacheability(HttpCacheability.NoCache);
            Response.Cache.SetExpires(DateTime.UtcNow.AddHours(-1));
            Response.Cache.SetNoStore();
        }

Hope this helps.

You need to add the cache META Tag for all the last page you visited

So add this for all the pages, by making a CustomAttribute like [NoCache] and decorate

public class NoCacheAttribute : ActionFilterAttribute
{  
    public override void OnResultExecuting(ResultExecutingContext filterContext)
    {
        filterContext.HttpContext.Response.Cache.SetExpires(DateTime.UtcNow.AddDays(-1));
        filterContext.HttpContext.Response.Cache.SetValidUntilExpires(false);            
        filterContext.HttpContext.Response.Cache.SetCacheability(HttpCacheability.NoCache);
        filterContext.HttpContext.Response.Cache.SetNoStore();

        base.OnResultExecuting(filterContext);
    }
}


public class AccountController : Controller
{
    [NoCache]
    public ActionResult Logout()
    {
        return View();
    }
}

Or try it with javascript on the page like

<SCRIPT type="text/javascript">
    window.history.forward();
    function noBack() { window.history.forward(); }
</SCRIPT>

<BODY onload="noBack();"
    onpageshow="if (event.persisted) noBack();" onunload="">

protected void Application_BeginRequest()
        {
            Response.Buffer = true;
            Response.ExpiresAbsolute = DateTime.Now.AddDays(-1d);
            Response.Expires = -1500;
            Response.CacheControl = "no-cache";
            Response.Cache.SetNoStore();
        }

Add [Authorize] filter on each controller

  protected void Application_BeginRequest()
    {
        Response.Cache.SetCacheability(HttpCacheability.NoCache);
        Response.Cache.SetExpires(DateTime.UtcNow.AddHours(-1));
        Response.Cache.SetNoStore();
        string emailAddress = null;
        var cookie =Request.Cookies[FormsAuthentication.FormsCookieName];
        // Nothing to do if no cookie
        if (cookie != null)
        {
            // Decrypt the cookie
            var data = FormsAuthentication.Decrypt(cookie.Value);
            // Nothing to do if null
            if (data != null)
            {
                // Deserialize the custom data we stored in the cookie
                var o = JsonConvert.DeserializeObject<FormsAuthenticationTicketData>(data.UserData);

                // Nothing to do if null
                if (o != null)
                    emailAddress = o.EmailAddress;
            }
        }
        SetupAutoFac(emailAddress);
    }

Easiest way for a MVC 5 Application is:

[OutputCache(NoStore = true, Duration = 0, VaryByParam = "None")]

Above each of the Controller Methods you don't want to Cache. Or if you are using .Core the following works:

[ResponseCache(Location = ResponseCacheLocation.None, NoStore = true)]

Have a nice day!