How to clear browser cache after user logout to prevent access to private info via 'Back' button

Question

After a user logs out, if they hit the back button, they can go back to the last page they were on before logging out.

The app I am working on will often be used on

Answer 1

Being on Rails, you can easly setup everything placed in the public folder with an aggressive cache, and cherry-pick what else can be safetly cached, like the public "about" page.

You should set Cache-Control: no-cache to prevent the browser to cache HTML pages, XML, JSON containing sensitive informations (basically anything that is accessible only with a proper login) and set a more aggressive cache for static assets like css and images.

• Good candidates for aggressive cache are the css and images used within your application and public pages.
• Good candidates for a no-cache are anything accessible after a login (i.e. if you are storing images that should be accessible only to tis owner, it shouldn't be cached, if you have an Ajax request for autenticated users, that XML should not be cached).