[OWASP_PHPSEC] Back Button loads cached page

rahul chaudhary rahul300chaudhary400 at gmail.com
Thu Oct 17 23:53:24 UTC 2013


Hello Guys,

While making the sample application, after "logout", I observed that
clicking the back button in the browser loads the cached page i.e. "the
page where the user is still logged in". I tried doing "no-cache", but it
still is being loaded from cache. I also observed that even though I unset
$_POST variables which contains userID and password, by clicking the back
button, they are still not deleted, their values again come up on the
screen.

So, for this do we need a cache-control library or is there some
work-around ??

-- 
Regards,
Rahul Chaudhary
Ph - 412-519-9634
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp_php_security_project/attachments/20131017/d3db5055/attachment.html>


More information about the OWASP_PHP_Security_Project mailing list