I have an image website where users can vote on images. IMAGES ARE RANDOMLY GENERATED ON THE FIRST PAGE! Once they vote, they're redirected using window.location to the image details page. If they click back they will see the same image... from the browser cache... and they can vote on it unlimited times...

How do I remove the cache? I want the first page to refresh when I click the back button! I already used:

<meta http-equiv="Pragma" content="no-cache">
<META HTTP-EQUIV="CACHE-CONTROL" CONTENT="NO-CACHE">
<META HTTP-EQUIV="Expires" CONTENT="-1">

and

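<input type="hidden" id="refreshed" value="no">
<script type="text/javascript">
    // First load: the flag is "no", so mark the page as seen.
    // If the page comes back with the flag still "yes" (form value restored
    // on back navigation), reset it and force a reload.
    onload = function () {
        var e = document.getElementById("refreshed");
        if (e.value == "no") {
            e.value = "yes";
        } else {
            e.value = "no";
            location.reload();
        }
    };
</script>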

thanks !!!!!

+7  A: 

You don't want to use client-side checking to prevent users voting multiple times. That's just silly.

You want to check on the server whether a user has already voted for that image, and if so, direct them to some "Oops you've already voted for that" page and don't count the vote.

Anon.
The vote is not added in the database, but I want users, when they click back, to get new images! Of course they can't vote multiple times... I don't use any form, I use JavaScript and AJAX for the vote.
FinalDestiny
@FinalDestiny I don't think you are getting the point.
Josh Stodola
Even if you stop the cache people will find a way, perhaps by opening the link in a new tab. You might put a "give me new images" link on the image page so it's easy for them to view new images.
sakabako
A: 

Using location.replace("URL_HERE"); instead of location.href = "URL_HERE"; will prevent the redirect from creating a new entry in the user's history. But I still think Anon's answer is absolutely correct.

Josh Stodola
A: 

And what if the "hacker" has disabled JS?

I would recommend that you do a few other things:

  • limit the number of images one can vote for per 24 hours
  • keep all the votes in the DB for 24 hours
  • give registered users a higher max-votes limit
azazul
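
The server-side check from Anon's answer combined with the 24-hour limits listed above, as an added example that is not part of the original thread. It assumes an in-memory store standing in for the site's database, a voter ID taken from server-side session or account state, and a 24-hour retention window for duplicate detection; `createVoteLedger`, `castVote` and the limit values are hypothetical names and numbers.

```javascript
// Added example: server-side vote ledger (in-memory stand-in for a database).
// All names and limits here are hypothetical, not from the original thread.
const DAY_MS = 24 * 60 * 60 * 1000;

function createVoteLedger({ anonLimit = 10, registeredLimit = 50 } = {}) {
  const votesByVoter = new Map(); // voterId -> [{ imageId, at }]
  const totals = new Map();       // imageId -> accepted vote count

  function castVote(voterId, imageId, { registered = false, now = Date.now() } = {}) {
    // voterId must come from server-side state (session or account),
    // never from a value the browser can set freely in the request.
    const recent = (votesByVoter.get(voterId) || []).filter(v => now - v.at < DAY_MS);
    votesByVoter.set(voterId, recent); // votes older than 24 hours are dropped

    // A replayed request (back button, new tab, JS disabled) lands here.
    if (recent.some(v => v.imageId === imageId)) {
      return { accepted: false, reason: "already_voted" };
    }
    const limit = registered ? registeredLimit : anonLimit;
    if (recent.length >= limit) {
      return { accepted: false, reason: "daily_limit" };
    }
    recent.push({ imageId, at: now });
    totals.set(imageId, (totals.get(imageId) || 0) + 1);
    return { accepted: true, total: totals.get(imageId) };
  }

  return { castVote, totalFor: id => totals.get(id) || 0 };
}

// Constructed scenario: the same session replays a vote from a cached page.
function demo() {
  const ledger = createVoteLedger({ anonLimit: 2, registeredLimit: 3 });
  const t0 = 1700000000000; // constructed timestamp (ms)
  return [
    ledger.castVote("sess-a", "img-1", { now: t0 }),                 // first vote
    ledger.castVote("sess-a", "img-1", { now: t0 + 1000 }),          // replay of the same vote
    ledger.castVote("sess-a", "img-2", { now: t0 + 2000 }),          // second image
    ledger.castVote("sess-a", "img-3", { now: t0 + 3000 }),          // over the anonymous limit
    ledger.castVote("sess-a", "img-3", { now: t0 + DAY_MS + 3000 }), // after the window expired
  ];
}
console.log(demo());
```

Because the decision is made on the server, it holds regardless of what the browser caches or whether the client-side script runs.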
A: 

You need to feed the image to the user dynamically instead of pointing to a file in a directory. So you have an

image.php?id=1234

Inside image.php you pretty much just open the image, uudecode it, and print it to the browser. Since the image is retrieved programmatically you can simply block it or force a new image on them. If you don't want users to retrieve a specific image and want to always serve a random image, then don't use IDs at all in the URL and simply serve up a random image file.

It also helps to stick in useless random data in the url, in this case generating a UUID would be a good idea. So even if you go with a solution that just does then do something like

print '<img src="'. $image .'?'. uniqid() .'">';

It's no silver bullet, but it's another trick that prevents image caching.

TravisO