Cache control 304s between logout/login of different users

So, this is an extension of this post.

We are now seeing an issue where when a user logs out, and the next user logs in, if a request is made to an endpoint the If-Last-Modified header is being sent with the information from the previous users responses. As a result, even though the endpoint gets different data, because of the date in the header (when it’s newer than the actual last modified), the data is being returned 304.

Is there something both client side and/or server side we are missing here? Can’t seem to figure out how to clear those stored values from the client. But also, on the server, is there anything we can do? It seems that because of the date in the header being newer, it’s correctly sending back the 304.

Additionally, we notice the request logger entries don’t list 304 responses - only as 200. Are the logged before it’s changed to the 304?

If you’re using the CacheResponse attribute you can specify to VaryByUser

Which will maintain different caches per User.