This blog post is a contribution from Charls Tom Jacob, an engineer with the SharePoint Developer Support team.
But that’s not the case with other browsers (Firefox, Chrome, etc.), which do not allow closing the window using script. Again, IE leaves it to the user to decide whether to close the window or not.
You might be using your SharePoint site to store sensitive information such as order/purchase details, credit card numbers, or anything else that’s confidential. You have a wide variety of users, technical and non-technical, who access the site from the intranet/extranet or from public internet cafes. Suppose a user is viewing or editing some items and decides to sign out of the site without bothering to close the browser window. Anyone can then get to the previous page simply by pressing the browser back button, leaving the sensitive data open to others.
This happens because the page is served from the browser cache and not loaded from the server. If you reload the page, SharePoint senses that you have logged out of the site and takes you to the login page. Of course, caching is a good thing as it helps to serve pages faster, but this is a downside, as it’s controlled by the browser and not the server.
Now, coming back to the title of the blog, the easiest solution would be to prevent users from pressing the back button, ultimately to disable it! But that’s not going to be very easy: you may find ‘n’ number of techniques claiming to do that, but none of them would serve the purpose across different browsers.
So in the SharePoint context (or rather ASP.NET), the solution is to develop a custom master page with a few lines of code instructing the browser not to cache the page. When the page is not cached, the browser is forced to send a request to the server each time the page is requested. You may not want to do this for all pages/sites, as it impacts performance.
Here I won’t go into the details of how to set the master page dynamically, but will use a custom master page on a site that does not cache, and hence “secures” your data after a sign-out.
1. Create a master page using Visual Studio. Call it NoCache.master.
2. To preserve the look and feel, copy the contents from your site master page (download the master page from the master page gallery).
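
One way to write the "few lines of code" for NoCache.master described above, as an added example that is not the original post's code. The namespace and class name are assumptions, and the master page's `Inherits` attribute is assumed to point at this class.

```csharp
using System;
using System.Web;
using System.Web.UI;

// Hypothetical namespace and class name; match them to the Inherits
// attribute in the @Master directive of NoCache.master.
namespace Contoso.SharePoint.Branding
{
    public class NoCacheMaster : MasterPage
    {
        protected override void OnInit(EventArgs e)
        {
            base.OnInit(e);

            // Every content page that uses this master page gets these
            // response headers, so the policy is set once, on the server.
            HttpCachePolicy cache = Response.Cache;

            // Cache-Control: no-cache -> a cached copy must be revalidated
            // with the server before it is shown again.
            cache.SetCacheability(HttpCacheability.NoCache);

            // Adds no-store -> the browser (and any proxy in between) must
            // not keep a copy of the response at all.
            cache.SetNoStore();

            // Expires in the past, for older clients and proxies that rely
            // on the Expires header instead of Cache-Control.
            cache.SetExpires(DateTime.UtcNow.AddYears(-1));

            // Adds must-revalidate and proxy-revalidate for every cache.
            cache.SetRevalidation(HttpCacheRevalidation.AllCaches);
        }
    }
}
```

To confirm the master page is in effect, check the response headers of a page on the site in the browser's developer tools; after sign-out, the back button should then cause a new request and the redirect to the login page.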