Yes, I did that. Now all pages are blank. What I really wish is that after
logout, when user hit "back" button, the page goes back to login page, never
visit all pages visited before even just blank page now.
Michael Jouravlev <[EMAIL PROTECTED]> wrote: On 12/1/05, info3853 Bush wrote:
> That's true. This topic belongs to web application security.
>
> The thing is that all static content are shown when you used the "back"
> button. Of course, you can't click any link since the session is already
> invalidated.
Mark page as non-cachable with "no-cache, no-store" cache-control
header. You may want to add some other headers too, like
must-revalidate. When you hit Back, the browser would try to reload a
page, here you would show the error.
Michael.
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
---------------------------------
Yahoo! Personals
Single? There's someone we'd like you to meet.
Lots of someones, actually. Try Yahoo! Personals
