[OWASP_PHPSEC] Back Button loads cached page

Abbas Naderi abiusx at owasp.org
Fri Oct 18 01:29:15 UTC 2013


What browser are you using? This behavior is odd to me.
-A
______________________________________________________________
Notice: This message is digitally signed, its source and integrity are verifiable.
If your mail client does not support S/MIME verification, it will display a file (smime.p7s), which includes the X.509 certificate and the signature body. Read more at Certified E-Mail with Comodo and Thunderbird in AbiusX.com

On Oct 17, 2013, at 7:53 PM, rahul chaudhary <rahul300chaudhary400 at gmail.com> wrote:

> Hello Guys,
> 
> While making the sample application, after "logout", I observed that clicking the back button in the browser loads the cached page, i.e. "the page where the user is still logged in". I tried doing "no-cache", but it is still being loaded from cache. I also observed that even though I unset the $_POST variables which contain the userID and password, after clicking the back button they are still not deleted; their values come up on the screen again.
> 
> So, for this do we need a cache-control library, or is there some workaround?
> 
> -- 
> Regards,
> Rahul Chaudhary
> Ph - 412-519-9634
> _______________________________________________
> OWASP_PHP_Security_Project mailing list
> OWASP_PHP_Security_Project at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp_php_security_project
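
Added example, not part of the original messages and not code from the OWASP PHP Security Project: a single-file PHP sketch of the two behaviours raised in the question, sending "no-store" rather than only "no-cache" on authenticated pages, and redirecting after each POST so the credentials are not part of the page the back button returns to. The file name demo.php, the function names and the demo/demo-pass credentials are assumptions constructed for the illustration.

```php
<?php
// Added example (hypothetical names, constructed credentials).
// Run: php -S 127.0.0.1:8000 demo.php
session_start();

// "no-cache" only forces revalidation of a stored copy; "no-store" asks
// that no copy be kept, so browsers generally re-request the page on Back.
function send_no_store_headers(): void
{
    header('Cache-Control: no-store, no-cache, must-revalidate, max-age=0');
    header('Pragma: no-cache'); // for HTTP/1.0 clients
    header('Expires: 0');
}

// 303 See Other makes the browser follow up with a GET, so the history
// entry is that GET and not the POST that carried the user ID and password.
function redirect(string $to): void
{
    header('Location: ' . $to, true, 303);
    exit;
}

send_no_store_headers();
$action = $_GET['action'] ?? 'home';
$isPost = $_SERVER['REQUEST_METHOD'] === 'POST';

if ($action === 'login' && $isPost) {
    // Constructed check for the demo; a real application verifies a stored hash.
    $ok = hash_equals('demo', (string) filter_input(INPUT_POST, 'user'))
        && hash_equals('demo-pass', (string) filter_input(INPUT_POST, 'pass'));
    if ($ok) {
        session_regenerate_id(true); // new session ID after authentication
        $_SESSION['user'] = 'demo';
    }
    redirect('?action=home');
}
if ($action === 'logout' && $isPost) {
    $_SESSION = [];
    session_destroy(); // server-side state is gone; a re-request shows the login form
    redirect('?action=home');
}

if (isset($_SESSION['user'])) {
    echo '<p>Logged in as ' . htmlspecialchars($_SESSION['user']) . '</p>';
    echo '<form method="post" action="?action=logout"><button>Logout</button></form>';
} else {
    echo '<form method="post" action="?action=login"><input name="user">'
        . '<input name="pass" type="password"><button>Login</button></form>';
}
```

To check the result, log in, log out, press Back, and confirm in the browser's network panel that the page is requested again and comes back as the login form.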
