[OWASP_PHPSEC] Back Button loads cached page

rahul chaudhary rahul300chaudhary400 at gmail.com
Fri Oct 18 01:55:33 UTC 2013


chrome...


On Thu, Oct 17, 2013 at 9:29 PM, Abbas Naderi <abiusx at owasp.org> wrote:

> What browser are you using? this behavior is odd to me.
> -A
> ______________________________________________________________
> *Notice:** *This message is *digitally signed*, its *source* and *
> integrity* are verifiable.
> If you mail client does not support S/MIME verification, it will display a
> file (smime.p7s), which includes the X.509 certificate and the signature
> body.  Read more at Certified E-Mail with Comodo and Thunderbird<http://abiusx.com/certified-e-mail-with-comodo-and-thunderbird/> in
> AbiusX.com
>
> On Oct 17, 2013, at 7:53 PM, rahul chaudhary <
> rahul300chaudhary400 at gmail.com> wrote:
>
> Hello Guys,
>
> While making the sample application, after "logout", I observed that
> clicking the back button in the browser loads the cached page i.e. "the
> page where the user is still logged in". I tried doing "no-cache", but it
> still is being loaded from cache. I also observed that even though I unset
> $_POST variables which contains userID and password, by clicking the back
> button, they are still not deleted, their values again come up on the
> screen.
>
> So, for this do we need a cache-control library or is there some
> work-around ??
>
> --
> Regards,
> Rahul Chaudhary
> Ph - 412-519-9634
>  _______________________________________________
> OWASP_PHP_Security_Project mailing list
> OWASP_PHP_Security_Project at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp_php_security_project
>
>
>


-- 
Regards,
Rahul Chaudhary
Ph - 412-519-9634
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp_php_security_project/attachments/20131017/886b66e3/attachment.html>


More information about the OWASP_PHP_Security_Project mailing list