Can an Identity Owin logged in cached View be relaxed to survive an offline page refresh (F5 or browser icon click) post successful login / post cache all it can?

Question

User-369914820 posted

 

----------

----------

Question: 

Can an Identity Owin logged in cached View be relaxed to survive an offline page refresh (F5 or browser icon click) post successful login / post cache all it can?

----------

----------

If the answer is Yes.. then I just got to keep digging and cache or untie some server talk.  Certain login controllers with cache profile attributes? More Cache Manifest file entries?  Seems like she trying to cache ok by default with browser cache turned on and not adding a web.config cache profile... since I had to add this attribute to my Login controller to get it to stop caching on the login screen and avoid a scenario I found that hits 'The provided anti-forgery token was meant for a different claims-based user than the current user'..............<OutputCache(Location:=OutputCacheLocation.None, NoStore:=True, VaryByParam:="none")>................ but even removing this anti-cache tweak from login controller, a login view not survive page refresh by default settings hmm.

If answer is No since I not fully understand architecture... then you save me lots of time trying to have a View survive a page refresh in a post-logged-in offline environment. :)

.. again please excuse if dumb q :)  I'm not an Owin nor mvc expert or nuttin.. And not fully understand and may not be Owin related.

---------------------------------------------------------------

---------------------------------------------------------------

I have a View running okay and surviving an F5 page refresh when offline okay in another project.  Cached okay ref: "Allow website caches and databases" IE setting.

But was hoping to move that code inside another project with login protection tied to sql server identity tables. I have code moved and View works great post login.. even offline.

Until I hit F-5 refresh or navigate Back while offline in the login protected project...then she get the ol no internet crash stuff..

Maybe not possible and not matter what files I try and cache, once a View is protected by a login, she tied to Owin middleware server dlls or somin or cookies or hmm.

----------

ie: I have a View being created after the Controller is <Authorize>'d okay post login. Stuff chugs along great :)

Just so happens though that the View created is an offline one that uses html5 localStorage and Manifest.vbhtml stuff.  And it works offline great ... post login even... as long as page doesn't do big ol browser refresh icon post click thingy.  Then it die I suspect due to token stuff.

Is there some type of connection with Owin host at all times?

For my View and Controller code was copied from my other non-login project where all cached okay and survives page refresh....ie: other non-login project let me hit F-5 or browser icon refresh while in there or even link back to previous view while offline since browser cached it okay.

But in login project: F-5 fail: I can login and pull the wire okay and still use page and add to localstorage db okay and work offline.

But if I hit page refresh.. maybe something on the server is talked to and crashes in the login version project.

The code in my simplier non-login project survives a page refresh.  When online, the View uses jquery to talk to Controller that returns Json.  And can survive an offline page refresh since all files used seem cached okay.

If the answer to the question is Yes.. then I just got to keep digging and cache or untie some server talk.

If answer is No since I not fully understand architecture... then you save me lots of time trying to have a View survive a page refresh in a login environment.

:)

I know Login.vbhtml ties into server via 1st line: @ModelType LoginViewModel etc. But thought once passed all this and in my offline view okay.. can I avoid talking to anything going to server during View F-5 hmm  

Maybe my understanding of owin oauth2 middleware is not javascript-able or client-able is issue?

and stuff like this hints towards answer:

https://github.com/andreassolberg/jso/blob/master/README.md

Thanks,

Joe

*****************************************************************

*****************************************************************

ps:

I'm doing all this for on an ipad, the menubar in chrome and safari is not disappearing for me like it does on a new clean window popped up on the desktop equivalent browser versions of safari and chrome.  And I want users to be able to accidently hit the refresh icon while on this offline app running on an ipad browser.  I played with ipad browser settings and scrolling down does have upper menu bar with refresh icon temp disappear until user scrolls up again.  But ipad aside..would be cool to have webpage view survive an F5 / refresh icon click (hehe I'm afraid to say 'page postback' in case it a dirty word in the non viewstate MVC design).  Versus giving users a version of this offline app without login protection but survive an accidental refresh/F5/back click.

pss:

k.. I got Safari on ipad to go full screen like desktop. After launch it, add website to 'Home Page' via the little + button.  It then creates a start icon on ipad home page. Then next launch via icon my popup webpage goes full screen  But darn.. hitting circle home button and re-maximizing the webpage has it do a 'Post/Submit of some sort.  Thus like clicking refresh icon. Thus gotta cache or clientize owin stuff. hmm.   Or have ipad button not call a View submit n false it all. Then full screen version of cache page would suffice and work offline after a login while online.

This may also have helped besides adding Safari webapp to ipad home page.  Putting this in page itself.

  <meta name="apple-mobile-web-app-capable" content="yes" />
  <meta name="apple-touch-fullscreen" content="yes" />

psss:

hmm.. ipad home page circle only seem to cause refresh when played with if launch webpage from the 'add to homepage' trick mentioned above.

Hmm..login version (that not like safari refresh icon pressed if used when not full screen) and non login version (survive accidental safari refresh icon push) both do a refresh if launched on an ipad from the homescreen (‘add to homepage’ so that ipad listens to fullpage code on future launches) and one plays with circle button.

 But you can play with circle button on either version without a refresh page-post and thus both survive if launched from the Safari icon....and not use the ‘add to homepage’ trick.

However, a login version not using the homepage icon trick does not listen to the go fullscreen code (assume ipad issue only) and a user could click the refresh icon in the address bar and get stuck.

*****************************************************************

*****************************************************************

Below just notes:

---------------------------------------------------------------

---------------------------------------------------------------

---------------------------------------------------------------

hmm:   oauth2 is a protocol.... used by Owin ( Open Web Interface for .NET --- OWIN middleware Components (OMCs) ---

IAppBuilder

---hmm Katana hmm) ... third party authentication middleware vrs IIS......  Microsoft opensource owin..... can hook to ie: facebook/twitter ..social networks provide you token.. .. owin decouples server and application...Host OWIN in IIS...Self-Host OWIN in a Console Application

---------------------------------------------------------------

---------------------------------------------------------------

---------------------------------------------------------------

----------

Other stuff / talking to myself / notes for future read:

----------

I played with Visual Studio project templates and created or thought about these project folders I made:

MvcApplication1_mvc4_SimpleMembershipProvider_FrmYes

MvcApplication1_mvc5_Identity_OwinNo_IndivUserAuth .. (just thought about this one)

MvcApplication1_mvc5_Identity_OwinYes_IndivUserAuth

.. and decided to play with the third Identity user stuff with Owin and the default project works great :)

hmm things I'll have to look at closer but think okay packages.config BundleConfig.vb

hmm OwinRequestScopeContext    (some type of client setting?)

hmm Fiddler not happy when try run offline.. but looks like all .js etc files I cache okay

hmm iecvlist.microsoft.com ieonline.microsoft.com www.microsoft.com /pkiops/crl/ tunnel to urs.microsoft.com:443 mobile.pipe.aria.microsoft.com:443

hmm Prevent Forms Authentication Login Page Redirect When You Don’t Want It

hmm outputCacheProfiles

hmm HandleAntiforgeryTokenErrorAttribute

----------

---------------------------------------------------------------

---------------------------------------------------------------

hmm.. maybe I gone overkill with oAuth2 ? .. And  not that I fully understand it.

hmm this what I use

<package id="Microsoft.Owin.Security" version="3.0.1" targetFramework="net451" />

hmm

https://msdn.microsoft.com/en-us/library/hh243647.aspx
Note  Do not include the wl.offline_access scope if you're using the implicit grant flow (response_type=token).
http://tools.ietf.org/html/rfc6749
The OAuth 2.0 Authorization Framework

hmm

offline_access scope  (oh wait.. that just to use windows live I believe...similar to how google use has: AccessType = "offline") 

hmm .. maybe I doing overkill?  I just want to have a controller <authorize>'d via sql server aspnetusers type tables that I connect to okay in web.config.

And then go offline and be able to refresh a page post login okay.

maybe below from my web.config is overkill since I not talking to third party stuff...(well.. Microsoft.owin)... just my webpage trying to login to my sql tables and go offline?:

<

runtime>

    <

assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">

      <

dependentAssembly>

        <

assemblyIdentity name="Microsoft.Owin.Security" publicKeyToken="31bf3856ad364e35" />

        <

bindingRedirect oldVersion="1.0.0.0-3.0.1.0" newVersion="3.0.1.0" />

      </

dependentAssembly>

      <

dependentAssembly>

        <

assemblyIdentity name="Microsoft.Owin.Security.OAuth" publicKeyToken="31bf3856ad364e35" />

        <

bindingRedirect oldVersion="1.0.0.0-3.0.1.0" newVersion="3.0.1.0" />

      </

dependentAssembly>

      <

dependentAssembly>

        <

assemblyIdentity name="Microsoft.Owin.Security.Cookies" publicKeyToken="31bf3856ad364e35" />

        <

bindingRedirect oldVersion="1.0.0.0-3.0.1.0" newVersion="3.0.1.0" />

      </

dependentAssembly>

      <

dependentAssembly>

        <

assemblyIdentity name="Microsoft.Owin" publicKeyToken="31bf3856ad364e35" />

        <

bindingRedirect oldVersion="1.0.0.0-3.0.1.0" newVersion="3.0.1.0" />

      </

dependentAssembly>

      <

dependentAssembly>

        <

assemblyIdentity name="Newtonsoft.Json" culture="neutral" publicKeyToken="30ad4fe6b2a6aeed" />

        <

bindingRedirect oldVersion="0.0.0.0-6.0.0.0" newVersion="6.0.0.0" />

      </

dependentAssembly>

      <

dependentAssembly>

        <

assemblyIdentity name="System.Web.Optimization" publicKeyToken="31bf3856ad364e35" />

        <

bindingRedirect oldVersion="1.0.0.0-1.1.0.0" newVersion="1.1.0.0" />

      </

dependentAssembly>

      <

dependentAssembly>

        <

assemblyIdentity name="WebGrease" publicKeyToken="31bf3856ad364e35" />

        <

bindingRedirect oldVersion="1.0.0.0-1.5.2.14234" newVersion="1.5.2.14234" />

      </

dependentAssembly>

      <

dependentAssembly>

        <

assemblyIdentity name="System.Web.Helpers" publicKeyToken="31bf3856ad364e35" />

        <

bindingRedirect oldVersion="1.0.0.0-3.0.0.0" newVersion="3.0.0.0" />

      </

dependentAssembly>

      <

dependentAssembly>

        <

assemblyIdentity name="System.Web.Mvc" publicKeyToken="31bf3856ad364e35" />

        <

bindingRedirect oldVersion="1.0.0.0-5.2.3.0" newVersion="5.2.3.0" />

      </

dependentAssembly>

      <

dependentAssembly>

        <

assemblyIdentity name="System.Web.WebPages" publicKeyToken="31bf3856ad364e35" />

        <

bindingRedirect oldVersion="1.0.0.0-3.0.0.0" newVersion="3.0.0.0" />

      </

dependentAssembly>

    </

assemblyBinding>

  </

runtime>

Answer 1

User1686483761 posted

Hi newf,

‘

Can an Indentity-Owin type protected View be relaxed to survive an offline page refresh (F5 or browser icon click) post login / post cache all it can?

I'm not sure what you mean, could you please describe your problem in detailed ?

Best Regards,

sudo10

Answer 2

User-369914820 posted

*****<opp I just realized in simple example I gave below it not include a cache manifest file like my real project which prob key as well... hmm and that guy has an asterisk under NETWORK: entry....maybe if I remove that in my login version of the cache project.  Anyways.. just wondering if Owin login stuff is cacheable>****

Thanks for reply sudo10 :)  Ya I got blibber blabber all over the place hehe.

Hmm.. maybe I can start from scratch by doing this to help answer and describe question.

In fact I prob should have played with below simple View scenario before posting q based on my bigger View.... but shag it I'll still put my head on the block  :o

----------------------------------------------------

If I had VS Pro 2013 and I created an mvc5 application with 'Individual User Accounts' pointed to a sql server on some server holding the tables.

It creates a nice project with 'Account' Views with related Models and Controllers.  And registers and logs in perfect from the welcome Home page.

I login and it goes to back to Home page all logged in nice.

----------------------------------------------------

But lets say I put this on the home page of the nice project created for me:

@Html.ActionLink("Forums AspNet Hello World Hmm", "Index", "ForumsAspNet")

----------------------------------------------------

and I protect it by putting this on it's controller

<Authorize>

Public Class ForumsAspNetController

...

.

----------------------------------------------------

she works perfect... and sends me to login page if I click actionlink ... and I log in and all works good and I'm redirected to View okay.  Lets pretend this ForumsAspNet Index View only had 'Hello World'  on it.

And throw this layout=nothing up top of this simple ForumsAspNet Index View to help it relax and be even more free :)

ie: avoid the login banner being put up top that would make View more tied to server.

ie:
hmm _ViewStart.vbhtml calls _Layout.vbhtml
hmm _Layout.vbhtml calls:  @Html.Partial("_LoginPartial")
hmm and _LoginPartial.vbhtml ties in with:  @Imports Microsoft.AspNet.Identity
hmm ps: If you return PartialView() from your controllers (instead of return View()), then _viewstart.cshtml will not be executed. .. but that's when I played with creating a home screen without login banner up top.  Layout=Nothing on helloworld view should clear out login banner up top of this simple hello world ForumsAspNet Index View.

@Code

  Layout = Nothing

  ViewBag.Title = "hello world"

End Code

----------------------------------------------------

Assuming IE browser cached is turned on under Tools/Internet Options/Browsing History/Settings/Caches and Databases/ Tick on the 'allow website caches and databases' :

ps:

And actually.. I have my fancy real non-hello world View caching for offline via a manifest file.

Maybe that will help?

CACHE MANIFEST

...what if I tried for this simple helloworld view project to cache all seen .js files etc

ie:

/Scripts/jquery-1.10.2.min.map
/Scripts/jquery.validate-vsdoc.js
/Scripts/jquery.validate.min.js

...

bootstrap..

..

.

list in manifest file whatever I see used in MS template mvc5 auth project to see if a helloworld View can survive user hitting F5

can this simple view, once logged in, be free of needing to talk to middleware for token / cookie validate stuff etc and do a page refresh and not crash?

Anyways.. when I'm in the helloworld View from the actionlink click all logged in right nice n all:

-------------------------? ? ?

Can I then pull the internet cable and go offline and then have the View survive a user pressing F5 or clicking the refresh icon on the browser? Or will the page crash due to some login tie in even though hoping view has nothing tied to it post successful login.

Maybe some 'client cookie Owin' setting can keep it all on client if above scenario fails?

Or maybe owin need internet for stuff like ValidateAntiForgeryToken.   I just blabbing.

Or some way I can let this simple Hello World view be free to survive an offline F5 refresh without a crash that may be caused by Microsoft.Owin.Security ?

ie: can I have a view no longer talk to server or whatever I assume is crashing it once user in there okay?

ie: can a cache manifest file and IE cache setting turned on let a View .. post a login okay while online....... then pull wire.. then work offline going to html5 localStorage okay.. but then user accidentally clicks the browser refresh icon?

Note I got it all working where can login in online.. play offline... then put wire back in and go to login home page okay and login stuff okay once wire back in.

As long as user not try refresh webpage with wire out and logged in.

User can do it of course in another project where view is cached.. but not tied into owin security .. ..

-------------------------? ? ?

When I created this question, it was based on my working more complex View surviving an offline F5 refresh in another project without login stuff.

Maybe I got to try above scenario with simple HelloWorld on a View created from the above ForumsAspNet example

Maybe I need a kick in the arse and only some type of javascript screnario is needed to use MS nice identity stuff if want to survive an offline browser refresh click.

Maybe I should figure out a simplier login project and not use this template that has owin stuff.

hmm...

I did not do simple scenario above yet.. just typing what would be equivalent of what I did with my more complicated view that survives a page refresh offline in other mvc project without security.

hmm..

maybe the _LoginPartial.vbhtml or Startup / ConfigureAuth etc is always called every page refresh .. even with View layout set to nothing .. and thus dies since talks to server and not client side code and View cannot be released from dbcontext stuff.    No.. startup just at startup hmm.

hmm

OwinRequestScopeContext

hmm

remming out external stuff talking to these guys in pacakges.config I not sure if help.. hmm maybe owin not way to go to html5 cache a view post login..... claims stuff?

Owin.Security.Facebook / Twitter / Google

hmm

is 'externalcookie' in Startup.Auth.vb the issue

hmm

maybe I just not get the basics of how token stuff is all tied in to server and one cannot go offline and F5-Refresh an already generated view that is cached by a browser

hmm

-IsPersistent: accountcontroller.vb / verifycode.vbhtml / ManageController.vb / hmm rememberbrowser default is false and I still have it false / but hmm i not hit that code in diff spots / isPersistent := model.RememberMe, rememberBrowser := model.RememberBrowser
-Context.GetOwinContext / IOwinContext / OwinContext / IdentityFactoryOptions
-TimeSpan / SlidingExpiration
-TwoFactorRememberBrowserCookie: hmm not used i believe by default
-Claim custom stuff needed?: var id = new ClaimsIdentity(claims, DefaultAuthenticationTypes.ApplicationCookie); 
-authenticationType must match the one defined in CookieAuthenticationOptions.AuthenticationType
-UserStore: IUserLoginStore  IUserClaimStore
-Manifest.vbhtml: FALLBACK: / NETWORK:
-Microsoft.Owin.ResponseCookieCollection
-HttpContext.GetOwinContext
-Microsoft.AspNet.Identity.Owin.SignInManager.SignInAsync   / .Signin
-outputCacheProfiles
-javasript cookie
-Simple Owin Caching

-Microsoft.Owin.Security.Cookies
-Microsoft.Owin.Security.Cookies.dll
-Microsoft.Owin.Security.Cookies.CookieAuthenticationProvider / OnValidateIdentity / Create a new instance of the default provider

hmm

owin review:  https://brockallen.com/2013/10/24/a-primer-on-owin-cookie-authentication-middleware-for-the-asp-net-developer/

hmm

look at controller cache profile attributes for owin stuff like I said before soimewhere on this page :)

hmm

look at this again: offline_access scope  opp that prob just windows live stuff

hmm

this person touch on it a bit with Google Authentication? http://stackoverflow.com/questions/31036100/how-can-i-use-asp-net-mvc-owin-accesstoken-in-google-apis-call

ie: AccessType = "offline"

hmm

=============

https://tools.ietf.org/html/rfc6749#section-1.5

--------------------

Hardt                        Standards Track                   [Page 30]

RFC 6749                        OAuth 2.0                   October 2012

   An example successful response:

     HTTP/1.1 200 OK     

Content-Type: application/json;charset=UTF-8

Cache-Control: no-store    

Pragma: no-cache

     {       

"access_token":"2YotnFZFEjr1zCsicMWpAA",       

"token_type":"example",       

"expires_in":3600,       

"refresh_token":"tGzv3JOkF0XG5Qx2TlKWIA",       

"example_parameter":"example_value"

=============

hmm

have access token last forever and not call refresh token ?

hmm

once log in programmatically unhook app from all authentication so offline view can refresh without talking to server .. but at least logged in to get to page at first

hmm

code breakpointing now okay below on server code spot that is called on f5-refresh click of logged in cached view (right away.. not timespan thingy).  So hmm can I not have this server code called offline in this Owin middleware (vrs iis) template auth vs 2013 pro mvc5 project.  Can middleware be ignored on user repost once logged in...hehe 'claim' she all good when offline? 

'joenote hmm IdentityFactoryOptions / iowincontext
    Public Shared Function Create(options As IdentityFactoryOptions(Of ApplicationSignInManager), context As IOwinContext) As ApplicationSignInManager
        Return New ApplicationSignInManager(context.GetUserManager(Of ApplicationUserManager)(), context.Authentication)
    End Function

hmm

identitymodels.vb server hit around 2 times for launch link page and around 5 times for 113 cache launched page that has msgbox alerts and .js includes  (which all cache okay outside this project)

hmm

http://stackoverflow.com/questions/23983726/expiretimespan-ignored-after-regenerateidentity-validateinterval-duration-in-m

http://stackoverflow.com/questions/28627061/owin-ws-federation-setting-up-token-sliding-expiration

http://stackoverflow.com/questions/23622047/identity-cookie-loses-custom-claim-information-after-a-period-of-time

Answer 3

User1686483761 posted

Hi newf,

what if I tried for this simple helloworld view project to cache all seen .js files etc

If you'd like to cache these files, you could refer to the following link....

http://dejanstojanovic.net/aspnet/2015/april/microsoft-iis-and-aspnet-mvc-caching-techniques/

Answer 4

User-369914820 posted

Thank-you for link sudo10. Attribute and config file caching on controller itself.
I'll keep playing and look at how your suggested link handles caching from more of a proper mvc angle.
Maybe I can do stuff similar to suggested link and put more caching in config files and on controllers that are used in MS owin oauth2 token design sample project.
Hmm.. Maybe I can find out what post(after) successful login profile controller stuff needs caching and survive an F5 offline refresh click like my view does in another non-login project.

Joe

===========================================================================

===========================================================================

===========================================================================

Just other notes in case help future:

All this below just sample code on a View that is offline okay and believe not related to issue on how login stuff not cached before this view is entered and used offline okay

All this below just sample code on a View that is offline okay and believe not related to issue on how login stuff not cached before this view is entered and used offline okay

All this below just sample code on a View that is offline okay and believe not related to issue on how login stuff not cached before this view is entered and used offline okay

All this below just sample code on a View that is offline okay and believe not related to issue on how login stuff not cached before this view is entered and used offline okay

All this below just sample code on a View that is offline okay and believe not related to issue on how login stuff not cached before this view is entered and used offline okay

All this below just sample code on a View that is offline okay and believe not related to issue on how login stuff not cached before this view is entered and used offline okay

:)

Currently my offline View does a 'Cache Manifest' of all ie: .js files etc it needs when online.
And with browser cache ticked on, she can survive a page refresh inside my non-login version project.
I then only have the cached View talk to server Controller when she online.
Otherwise View just keeps chugging data okay to offline html5 database.
And user can't click button that talks to a Controller until online.
The view can survive offline inside a login project as well. And users can go mad safely clicking buttons.
Unless they accidentally refresh page.
Hmm.. lean controller / config cache as suggested by sudo10

Below just sample stuff of javascript/jquery/json offline client View code avoiding Controller when offline okay.... hmm some MS login Views outside of this offline View needs caching...hmm sudo10 suggest look at login Controllers to setup caching on server side ..

========================================
========================================

All this below just sample code on a View that is offline okay and believe not related to issue on how login stuff not cached before this view is entered and used offline okay

All this below just sample code on a View that is offline okay and believe not related to issue on how login stuff not cached before this view is entered and used offline okay

.....
....
...
..
.
if (isOnLine()) {

hideNavtechSchFltFromServerONLINE(selectedIDSearchFor);

} else {
alert('..need to be online to hide Navtech Sch Dep Flight List from server.');
}

.....
....
...
..
.

===============================================

==== names of functions etc changed before I pasted it to this forum.. in case helps, the controller returns my list as Jason via web.mvc.jsonresult.. ie: Return Json(lstOut_RelatedInfo_COMBINED) ========
===============================================

function hideNavtechSchFltFromServerONLINE(selectedIDSearchFor) {

//stored proc returns field alias fake names to use in client javascript

...
..
.

$.ajax({
type: "POST",
cache: false,
url: "/CacheTestCrud113/hideNavtechFlightFromServer_InController",
dataType: "json",
data: cliNav

,
//success: function(data, status, xml){
success:

function (data) {

var tbNavDeparture = localStorage.getItem("tbNavDeparture"); //Retrieve the stored data
tbNavDeparture = JSON.parse(tbNavDeparture); //Converts string to object
//debugger;
if (tbNavDeparture == null) { //If there is no data, initialize an empty array
tbNavDeparture = [];
//debugger;
}

//debugger;

for (var i = 0; i < data.length; i++) {

var hmmFromServer = JSON.stringify({
FROMSERVER_IDMAIN: data[i].fieldidMainFakeName,
FROMSERVER_IDFP: data[i].fieldidFltPlanFakeName,
FROMSERVER_skeddeptimeFakeNameTodo: data[i].fieldfltskeddepFakeName,
FROMSERVER_fltnumberFakeNameTodo: data[i].fieldfltnumberFakeName,
FROMSERVER_fieldhideFakeName: data[i].fieldhideFakeName
});
//debugger;
tbNavDeparture.push(hmmFromServer); // ADD
localStorage.setItem("tbNavDeparture", JSON.stringify(tbNavDeparture));
//////tbNavDeparture = "";

} //for loop
tbNavDeparture = ""; // outside loop..hmm doublecheck .setitem

$("#Table_Navtech_skeddeptime_SpecificRow").html("");

var tbNavDepartureLOAD = localStorage.getItem("tbNavDeparture"); //Retrieve the stored data
tbNavDepartureLOAD = JSON.parse(tbNavDepartureLOAD);
//debugger;
//debugger;
//debugger;
//debugger;
for (var iNav in tbNavDepartureLOAD) {
var cliNav = JSON.parse(tbNavDepartureLOAD[iNav]);

var colourRedHide = "";
//debugger;
//alert (cliNav.FROMSERVER_fieldhideFakeName);
if (cliNav.FROMSERVER_fieldhideFakeName == true) {
colourRedHide = " ;background-color : red";
} else {
colourRedHide = "";
}

...
..
.

$("#Table_Navtech_skeddeptime tbody").append('<tr>' +
'<td></td>' +
..
.
readonly="true" value="' + cliNav.FROMSERVER_IDMAIN + '" style="text-align:center ' + colourRedHide + '" size="4" ></td>' +

.
.
}
tbNavDepartureLOAD = "";
cliNav = "";

} /////////////////////// end function bracket of callbackdata in this way of doing POST

,
//error: function(xml, status, error){
error: function () {
// do something if there was an error
//debugger;
alert('ahhh failure');
}

,
//complete: function(xml, status){
complete: function () {
// do something after success or error no matter what
//debugger;
// alert('completed.. failure or success');
//debugger;
}

});// $.ajax({ ............not parameter callbackdata function end bracket here .. this one bit diff

//debugger;

} //end function // hideNavtechSchFltFromServerONLINE

========================================
========================================

Hmm.. your suggested link gives me more to play with! Controller attributes may allow Owin cache all stuff.
ps:
As a side note :)
Previous to my forum question, similar to the suggested link, I did play with attributes before. But only in one spot for specific reason.
But I did rem out the OutputCache line I added to the Login Function below in case I was ruining Owin cache somehow.
I added below  <OutputCache(..   line to login because, after user logged in online, if user hit back button and tried logging in again, I got the anit-forgery token error.
With this attribute, when user hit back button the login screen clean .. without even focus set on a box.
But even without attribute, I hit issue and thus created question.
''''''''''''''''''
'The provided anti-forgery token was meant for a different claims-based user than the current user
'The provided anti-forgery token was meant for a different claims-based user than the current user
'k.. this solve: <OutputCache(Location:=OutputCacheLocation.None, NoStore:=True, VaryByParam:="none")> _
'k.. this solve: <OutputCache(Location:=OutputCacheLocation.None, NoStore:=True, VaryByParam:="none")> _

'''''''

' GET: /Account/Login
<AllowAnonymous> _
<OutputCache(Location:=OutputCacheLocation.None, NoStore:=True, VaryByParam:="none")> _
Public Function Login(returnUrl As String) As ActionResult
  ViewData!ReturnUrl = returnUrl
  Return View()
End Function
'''''''''''''''''''''''''''''''''''''''

========================================
========================================

=========================================================
=========================================================

=========================================================
=========================================================

=========================================================
=========================================================

/////////////////////////////////////////////////////////////////
// I now use this to call isOnLine4
function isOnLine() { // I now use this to call isOnLine4
//debugger;
//return navigator.onLine;
//return navigator.onLine;
//return navigator.onLine; this was orig way
//return navigator.onLine;
//return navigator.onLine;

if (isOnLine4() == 'CONTROLLER SAYS YOU ARE ONLINE VERSUS NAVIGATOR.ONLINE') {
//debugger;
//alert('k.. I using isOnLine4: we ONline ..true');
return true;
} else {
//debugger;
//alert('k.. I using isOnLine4: we OFFline ..false');
return false;
}
//debugger;
}//end function
// /////////////////////////////////////////////////////////////////

=========================================================
=========================================================

/////////////////////////////////////////////////////////////////
//4)   //////////

function isOnLine4() {

///kk put 4) way in a call after playing with a few ways

//debugger;

var onlinehmm = null;

$.ajax({
type: "POST",

async: false,

url: "/CacheTestCrud113/OnlineCheck_InController",
data: "{}",
dataType: "text"
,
//success: function(data, status, xml){
success:

function (data) {
//alert('k.. online alertbox.. next alert from server');
//alert(data); // this the string hi returned as json from controller so online

onlinehmm = data; // controller spits back : "CONTROLLER SAYS YOU ARE ONLINE VERSUS NAVIGATOR.ONLINE"

// doublecheck .. ya Cassini old word stuck in head :)
// doublecheck
//debugger;
var debugModeSheWillStillLookOnlineEvenWithWirePulledDueToIECassini;
debugModeSheWillStillLookOnlineEvenWithWirePulledDueToIECassini = navigator.onLine; // doublecheck
if (debugModeSheWillStillLookOnlineEvenWithWirePulledDueToIECassini == false) {
onlinehmm = "debugModeSheWillStillLookOnlineEvenWithWirePulledDueToIECassini";
}
//debugger;
// doublecheck
// doublecheck

} /////////////////////// end function bracket of callbackdata in this way of doing POST

,
//error: function(xml, status, error){
error: function () {

debugger;
//alert('ahhh failure...hmm offline check fail');
//looks like error when offline.. above alert fires each row click if unrem .. for thinks it an error
onlinehmm = 'ahhh failure...hmm offline check fail'; // this text not used.. I just look for success text from server returned in success above: CONTROLLER SAYS YOU ARE ONLINE VERSUS NAVIGATOR.ONLINE

}
,
//complete: function(xml, status){
complete: function () {
//debugger;
// do something after success or error no matter what
//alert('completed.. failure or success....online check');
}

});// $.ajax({ ............not parameter callbackdata function end bracket here .. this one bit diff

//debugger;
return onlinehmm;

}//end function //4) way inside another function
/////////////////////////////////////////////////////////////////

=========================================================
=========================================================

and in controller:

================

'hmm.. try to see if can talk to where this code is.. a true online test
'hmm.. try to see if can talk to where this code is.. a true online test
'The ContentResult may be used to return to an action as plain text. This class is inherited from the "ActionResult" abstract class.
'''
Public Function OnlineCheck_InController() As ActionResult
  Return Content("CONTROLLER SAYS YOU ARE ONLINE VERSUS NAVIGATOR.ONLINE")
End Function

=========================================================
=========================================================

=========================================================
=========================================================

=========================================================
=========================================================