如何从服务器端清除浏览器的缓存?
问题描述:
我必须创建一个处理用户敏感信息的Web应用程序.用户注销后,我需要立即清除浏览器的缓存,因为缓存的数据很容易受到攻击. 应该强制客户端的浏览器从服务器端清除缓存.同样,所有缓存策略都必须从服务器端公开给客户端.
I have to create a web application that deals with user's sensitive information. I need to immediately clear the browser's cache after user logs out since cached data would be vulnerable. Client's browser should be enforced to clear the Cache from server side. Also all cache policies must be exposed to the client from the server side.
这个问题有解决方案吗?
Is there any solution to this problem?
答
将响应设置为立即过期,并采取适当措施告知代理等,不要缓存:
Set the response to expire immediately, and for good measure tell proxies, etc., not to cache:
Expires: 0
Cache-control: private