<< DNN: Understanding the DotNetNuke .dnn File | Home | Self Improvement >>

DotNetNuke "Warning: Page has Expired"

Warning: Page has Expired
The page you requested was created using information you submitted in a form. This page is no longer available. As a security precaution, Internet Explorer does not automatically resubmit your information for you.

To resubmit your information and view this Web page, click the Refresh button.

This error in DNN occurs from a line of code in the default.aspx.vb (in v2.1.2, it's line 227):

Response.Cache.SetCacheability(HttpCacheability.ServerAndNoCache)

Commenting out that line removed the annoying message, and now users can browse their history even if the page is a result of a server post.

NOTE: Commenting out the line above allows all responses to be cached locally.  This is a potential security issue, as users can now browse through the history of a session.  It is not recommended to modify the cache settings if your site has secured content.

Print | posted on Tuesday, August 31, 2004 12:21 PM

Feedback

# re: DotNetNuke "Warning: Page has Expired"

left by cathal at 2/6/2005 9:30 PM Gravatar
The code in 2.12 is there to stop people pressing back and getting access to pages they're not allowed to if they don't belong in that role e.g. user A logs in as an administrator, browses a few admin functions, and then logs out. User B, who is not in the Administrators role, then gets access to the computer, and press's the back button and can view the pages.

It's been altered in 3.0x so local caching only affects authenticated users :

' avoid client side page caching for authenticated users
If Request.IsAuthenticated = True Then
Response.Cache.SetCacheability(HttpCacheability.ServerAndNoCache)
End If

# re: DotNetNuke "Warning: Page has Expired"

left by Gerry at 2/7/2005 9:51 AM Gravatar
A majority of pages viewed in most DNN sites are likely not admin pages. A better solution may be to allow page caching, but implement a practice of preventing local-caching by control, if necessary. Providing a SetCacheablility property in PortalModuleControl may be the solution for this.

It's a simple usability issue. EVERYONE uses the back button. When users can't retreat through their history, they get annoyed. In the Intranet environment that I manage, it was crucial to allow them to move back from a POST without getting a "Page expired" message. The one big reason I needed to allow local caching on POSTs was so users can return to the search page after posting a search query. I will add a notice to my post that the cache is configured for security purposes, and that disabling it could be a security issue.

Thanks cathal, the skin's looking good, btw ;)
http://www.cathal.co.uk
Title  
Name
Email (never displayed)
Url
Comments   
Please add 8 and 5 and type the answer here:
Copyright © Gerry Heidenreich