Is there a way to keep a page from rendering once a person has logged out but hit the “back” button?

Question

I have some website which requires a logon and shows sensitive information.

The person goes to the page, is prompted to log in, then gets to see the information.

Answer 1

The correct answer involves use of setting the HTTP Cache-Control header on the response. If you want to ensure that they never cache the output, you can do Cache-Control: no-cache. This is often used in coordination with no-store as well.

Other options, if you want limited caching, include setting an expires time and must-revalidate, but these could potentially all cause a cached page to be displayed again.

See http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.9.4