Easiest way to prevent the back button of your browser from showing secure data after a user logs out?

天涯浪人 2020-12-09 11:55

In a normal web app w/ login and secure data, what is an easy way to secure that data and prevent it from being seen by using the browser's back button, once a user logs ou

6 answers
  •  感动是毒
    2020-12-09 12:17

    Cache control headers (Expires, Cache-Control, ETag) will generally prevent the caching of the page, forcing the browser to request a new copy at which point you can check the session status. They are sometimes ignored in the interests of "performance" though.

    There are two JavaScript approaches that could help you:

    • Use the exit event from your page (onSubmit for forms or onUnload for other pages) to clear the content when leaving pages.
    • Use document.location.replace() instead of normal links when moving between pages so as not to leave a trail in the browser history that the user could return to.

    Both of these are likely to have a pretty horrid effect on usability though.
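
The cache-header approach from the answer above, as an added example that is not part of the original thread: protected responses are sent with `Cache-Control: no-store` so the back button triggers a new request, and logout deletes the session on the server so that request is redirected. The in-memory `sessions` map, the `sid` cookie name and the `/account`, `/logout` and `/login` paths are assumptions made for illustration.

```javascript
// Added example: framework-free request handler; all names are hypothetical.
const sessions = new Map(); // session id -> user name (in-memory store, assumption)

// Headers telling the browser and intermediaries not to keep a copy of the page.
const NO_CACHE = {
  'Cache-Control': 'no-store',
  'Pragma': 'no-cache', // for HTTP/1.0 caches
  'Expires': '0',       // invalid date, treated as already expired
};

// Extract the session id from a Cookie header, or null if absent.
function parseSid(cookieHeader = '') {
  const m = /(?:^|;\s*)sid=([^;]+)/.exec(cookieHeader);
  return m ? m[1] : null;
}

// Takes { path, cookie } and returns { status, headers, body }.
function handle(req) {
  const sid = parseSid(req.cookie);
  const user = sid ? sessions.get(sid) : undefined;
  const toLogin = { status: 303, headers: { ...NO_CACHE, Location: '/login' }, body: '' };

  if (req.path === '/logout') {
    if (sid) sessions.delete(sid); // invalidate server-side, not only the cookie
    toLogin.headers['Set-Cookie'] =
      'sid=; Max-Age=0; Path=/; HttpOnly; Secure; SameSite=Lax';
    return toLogin;
  }
  if (req.path === '/account') {
    // Session status is checked on every request, including a back-button reload.
    if (!user) return toLogin;
    return { status: 200, headers: { ...NO_CACHE }, body: `Account page for ${user}` };
  }
  return { status: 200, headers: {}, body: 'public page' };
}

// Constructed walk-through: view page, log out, press back (browser re-requests
// because nothing was stored), replaying the old cookie value.
function backButtonAfterLogout() {
  sessions.set('demo-sid', 'alice'); // constructed sample session
  const cookie = 'theme=dark; sid=demo-sid';
  return ['/account', '/logout', '/account'].map((path) => handle({ path, cookie }).status);
}
```
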
