In ASP.NET MVC we are having problems disabling back and forward caching on iOS. We don't want any of our pages in our site to be accessible from back and forward buttons for security reasons. We've tried setting:
[OutputCache(NoStore = true, Duration = 1)]
And a bunch of other things, but nothing works. We can't even do anything in the onunload event because iOS ignores that too. Any ideas?
How we finally solved this is doing this in the Layout view:
<script type="text/javascript">
@Html.Raw("var freshPage = true;")
</script>
Which sets a javascript variable to true when it runs through our C# code that tells us the page is fresh and went through our controller code. Then we put this in our global javascript file to check that variable whenever the page is pulled up:
window.addEventListener('popstate', function () {
// If fresh page is false that means it is a cached page, remove html and reload page.
if (!freshPage) {
$('html').remove();
window.location.reload();
} else {
freshPage = false;
}
});
This is the only event we could find that iOS fires when a page is loaded from the cache. This forces iOS to always run through our server side code even when the user uses the back and forward buttons by checking that variable. If it's the first page load it sees that fresh page is true, then flips it to false. Then if the user hits back or forward and comes back to this page this code will run, see that freshPage is false because it didn't run through our C# code, kill the html, and force a reload of the page.