Hi There I wonder if anyone can help me with a general query.

If a web application is displaying information from a database system where the content is secure (selected from restricted views in line with the user's profile), how would caching work?

For example user x selects the following:-

http://abc/test.asp?id =1

the outcome is presented to the screen (because the user has permissions to the data)

User y then accesses the same page, but does not have access to the data, would they see the result of user x's request from the cache?

Hope this is clear.

Thanks

Unless they use the same computer and the person can click back through their history chances are you're ok. If you want to expire a page right away though, you can set the expiration of the page with:

Response.Expires [= number]

or

Response.ExpiresAbsolute [= [date] [time]]

In the first case number indicates how many minutes the page will remain active in the cache. Setting it to 0 (zero) should effectively expire the page as soon as it's loaded. In the second case date and time are the date and time the page will expire. The date and time are converted to GMT though.. something to keep in mind.

Also, you always have to do your header changes (in this case, the expiration header) before you write any text to the browser.

Thanks Seppuku,

I was thinking more of a server side cache, (which I understand IISprovides) I think you are describing a means of disabling client-side caching.

I want to use the server side cache to improve performance, but not at the cost of security.

Just wanted to know if the server side cache would be intelligent enough to know that the data is secure?