Page not secured after log out and click back button

Question

In my previous employment I was experiencing a well known problem of being unable to prevent the user from being able to navigate the site using the back button after loggin

Answer 1

We don't use Spring security so I am not familiar with all its configuration attributes but if I were you, I would start with looking into browser caching issues. Should be easy to test... (1) force reload of the page after hitting back button, OR (2) after logout, clear out browser cache (not cookies), and then hit the back button. If this results in desired behavior, then next step should be inclusion of HTTP Response Header attributes to control browser caching.

If this is not it, then I wouldn't know what to look for in your Spring security configuration. Hopefully someone else may know the answer.

EDIT: just found another similar question that confirms browser caching issue part - that question's answer contains a mechanism that they used for setting response headers just in case if that helps you - Spring Security Logout Back Button.