Prevent user from seeing previously visited secured page after logout

陌清茗 2020-11-21 05:59

I have the requirement that the end user should not be able to go back to the restricted page after logout/sign out. But currently the end user is able to do that by the bro

5 answers
  •  孤城傲影
    2020-11-21 06:37

    The correct way to do this is to add the

    Vary: Cookie
    

    header on secured pages. When the user logs out, clear their session cookie. Then, when they navigate back after logging out, the browser cache will miss. This also has the benefit of not completely defeating caching.
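
The mechanism described in the answer above, as an added example that is not part of the original post: a minimal model of how an HTTP cache applies `Vary` when deciding whether a stored response can be reused (RFC 9111, section 4.1). The class name, the `/account` URL and the cookie value are constructed for illustration, and the model covers only HTTP cache matching, not any particular browser's history handling.

```javascript
// Minimal model of HTTP cache lookup with Vary (RFC 9111, section 4.1).
// VaryCache, "/account" and "session=abc123" are constructed for this example.
class VaryCache {
  constructor() { this.entries = new Map(); } // url -> array of stored variants

  // Case-insensitive header lookup; a missing header is reported as null.
  static header(headers, name) {
    const key = Object.keys(headers).find(k => k.toLowerCase() === name.toLowerCase());
    return key === undefined ? null : headers[key];
  }

  // Request header names nominated by the response's Vary header.
  static varyFields(resHeaders) {
    const vary = VaryCache.header(resHeaders, 'vary');
    return vary ? vary.split(',').map(f => f.trim().toLowerCase()).filter(Boolean) : [];
  }

  store(url, reqHeaders, response) {
    const fields = VaryCache.varyFields(response.headers);
    if (fields.includes('*')) return; // "Vary: *" never matches a later request
    // Remember the values the nominated request headers had when the page was fetched.
    const selecting = Object.fromEntries(fields.map(f => [f, VaryCache.header(reqHeaders, f)]));
    const variants = this.entries.get(url) || [];
    variants.push({ selecting, response });
    this.entries.set(url, variants);
  }

  // A stored variant is reusable only if every nominated request header still matches.
  lookup(url, reqHeaders) {
    const variants = this.entries.get(url) || [];
    const hit = variants.find(v =>
      Object.entries(v.selecting).every(([f, val]) => VaryCache.header(reqHeaders, f) === val));
    return hit ? hit.response : null;
  }
}

function demo() {
  const loggedIn = { Cookie: 'session=abc123' }; // constructed session cookie
  const loggedOut = {};                          // cookie cleared at logout
  const withVary = new VaryCache();
  withVary.store('/account', loggedIn, { headers: { Vary: 'Cookie' }, body: 'account data' });
  const noVary = new VaryCache();
  noVary.store('/account', loggedIn, { headers: {}, body: 'account data' });
  return {
    whileLoggedIn: withVary.lookup('/account', loggedIn) !== null, // same cookie: reusable
    afterLogout: withVary.lookup('/account', loggedOut) !== null,  // cookie gone: miss
    withoutVary: noVary.lookup('/account', loggedOut) !== null,    // no Vary: stored page reused
  };
}
```

With `Vary: Cookie` the stored page is still reused while the session cookie is unchanged, which is the caching benefit the answer mentions.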
