07-04-2012, 10:56 PM
[eluser]Aken[/eluser]
There is no "good" method for doing it. You either have to prevent the browser from caching the page at all (which even that is not fool proof), or you can use Javascript to make an additional verification request upon page load to check the session (which is both extra work [slower] and easily disabled by turning Javascript off).
Unless it is highly highly sensitive information, the best thing is to just encourage the user to close their browser to erase the cache.
And read that SO page for lots of good stuff.
There is no "good" method for doing it. You either have to prevent the browser from caching the page at all (which even that is not fool proof), or you can use Javascript to make an additional verification request upon page load to check the session (which is both extra work [slower] and easily disabled by turning Javascript off).
Unless it is highly highly sensitive information, the best thing is to just encourage the user to close their browser to erase the cache.
And read that SO page for lots of good stuff.
