[OWASP_PHPSEC] Back Button loads cached page

rahul chaudhary rahul300chaudhary400 at gmail.com
Thu Oct 17 23:53:24 UTC 2013

Hello Guys,

While making the sample application, after "logout", I observed that
clicking the back button in the browser loads the cached page i.e. "the
page where the user is still logged in". I tried doing "no-cache", but it
still is being loaded from cache. I also observed that even though I unset
$_POST variables which contains userID and password, by clicking the back
button, they are still not deleted, their values again come up on the

So, for this do we need a cache-control library or is there some
work-around ??

Rahul Chaudhary
Ph - 412-519-9634
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp_php_security_project/attachments/20131017/d3db5055/attachment.html>

More information about the OWASP_PHP_Security_Project mailing list