问题描述
我如何禁用ASP.NET或IIS为Firefox离线缓存?我发现这个职位:
How do I disable offline caching for firefox in ASP.NET or in IIS? I found this post:
Disabling浏览器缓存从ASP.NET所有的浏览器
这并不能完全解决问题。它只是禁用缓存从后退按钮(如果不是在离线模式下)。
This doesn't address the issue completely. It just disables caching from the back button (when not in off-line mode).
下面是一个简单的场景:
Here is a simple scenario:
如果用户A登录到他的银行。用户A是做交易,他甚至去更新一些个人资料。最后,用户A已经完成,从他的银行网站注销。用户A叶子上的浏览器,因为他有另一个标签页中打开下载的文件是几个演出。用户B想去给他的电子邮件发送一些电子邮件,让用户A没有关闭浏览器。他知道的安全隐患,因为他已经读一次注销的网站必须做什么,但他并不想停止下载。对于用户A,不得不重新下载对他太多的时间和好,他只是你的普通用户,完全不认为用户B(是他的好朋友)会想尽一切恶意的。于是用户B使用的浏览器。首先用户B所做的是脱机工作。用户B现在具有从用户A的页面具有用户B看的离线缓存中的所有数据。用户B现在可以打开历史查看这些缓存的网页,或者只是简单地点击回来,如果网页被悬空(两种方法都可行)。用户B目前拥有用户A已经浏览到的网页。所以任何敏感数据现在是他。
If user A logs on to his bank. User A is doing transactions and he even goes to update some personal data. Finally user A is done and logs off from his bank website. User A leaves the browser on, because he has another tab open downloading a file that is a few gigs. User B would like to go on to his email to send out some emails, so user A doesn't close the browser. He knows the security risks, because he has read what must be done once you log off of the site, but he doesn't want to stop the download. For user A, to have to redownload is too much time for him and well he is just your typical user and doesn't think user B (being a good friend of his) will do anything malicious. So then user B uses the browser. The first thing user B does is "work offline". User B now has all data from user A. The page has an off-line cache for user B to see. User B is now able to open the history to view those cached pages, or just simply click back if the page was left open (either way works). User B now has all the pages that user A has browsed to. So any sensitive data is now his.
有谁知道这是否可能在服务器级别控制。我知道,在Firefox你去about:config中,但这不是服务器来调整的选项。即便如此这可以告知用户,但不是每个用户都将能够做到这一点(即对一些用户来说太复杂),或者一些用户会忽略这些警告出于懒惰或者只是不读的页面的话。我知道会有一个人会说,哦,嗯,这是他们自己的错,他们应得的。老实说,我认为无知在这个意义上是不是用户的错。考虑一个老年人在80岁谁不是技术为中心的(就像我的父亲是谁我不断地给他做的和不要的关于网上,但他仍然没有真正理解风险完全)。
Does anyone know if this is possible to control at the server level. I know in firefox you go to about:config, but that is not an option for the server to tweak. Even so this can be told to the user, but not every user is going to be able to do this (being too complicated for some users) or some users will just ignore the warnings out of laziness or just not reading what the page says. I know there will be that one person that will say, "oh well that's their own fault and they deserve that". I honestly think ignorance in this sense is not the user's fault. Consider an older person in their 80s who is not technology-centric (like my father who I constantly give him the do's and don't's about online, but he still doesn't really understand the risks completely).
于是我再次重申,是否可以在服务器级别禁用这种离线缓存?我也发现了这个帖子:
So I reiterate again, is it possible to disable this kind of off-line caching at the server level? I also found this post:
这会帮助呢?任何帮助,请。请有建设性,而不是开始辩论。我觉得我已经很清楚,我已经做了很多的研究对这个没有运气。请注意,只有在Firefox中的离线缓存是什么让这个问题,在其他浏览器(或在Firefox onlinle)如预期缓存已被禁用。
Would this help at all? Any help please. Please be constructive and not start a debate. I think I have been very clear, and I have done a lot of research on this with no luck. Please note that only the off-line caching on firefox is what is giving the problem, on every other browser (or on firefox onlinle) the caching has been disabled as expected.
更新:
我其实已经有了最后一个环节提出了什么(http://forums.asp.net/post/1386380.aspx),它仍然没有prevent的问题。
I actually already have what the last link suggests (http://forums.asp.net/post/1386380.aspx) and it still doesn't prevent the problem.
推荐答案
从服务器端禁用缓存是一种不可能的,因为服务器只能请求浏览器不在缓存中存储。剩下的就是浏览器遵循这一点。
Disabling cache from server side is kind of impossible because server can only request the browser to not store in cache. Rest is up to the browser to follow it or not.
最好的办法是不要将数据发送到浏览器,所以它不缓存,使用JSON / XML或您习惯使用任何事物,而不是获取它的需求。
The best option is not to send the data to browser , so it is never cached, instead fetch it on demand using json/Xml or any thing you are comfortable with.
这是为我工作的唯一诀窍是通过普通页面的方法去除所有加载的敏感信息,并通过对window.ready事件阿贾克斯/ jQuery的加载它。一旦我实现的回调和Ajax后退按钮和脱机工作的问题得到了解决,但推出与AJAX回调真是一项艰巨的任务。
The only trick that worked for me was to remove all sensitive information from loading via regular page methods, and load it via ajax/jquery on window.ready event. Once I implemented callback and ajax the back button and 'work offline' problem got solved but rolling out that with ajax callback was really a big task.
这篇关于是否有可能禁用离线在ASP.NET缓存为Firefox(在服务器级别)?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!