How to avoid the cache after user logout?

Question

I have used this code to make Enduser can not be able to access the Application pages using browser back button after signout. If the Enduser clicks on browser back button that should need to kick back the user to ApplcationLogin page again. Here that is works fine but after clicking back button it gives one page(Not application login page).This page continence Document Expired message with tryagain button if user clicks on tryagain button the application will relogin.Here is the code.

  res.setHeader("Cache-Control", "no-cache, no-store, must-revalidate"); // HTTP 1.1.
                res.setHeader("Pragma", "no-cache"); // HTTP 1.0.
                res.setDateHeader("Expires", 0); // Proxies
                chain.doFilter(request, response);

Insufficient information. Are you using CMA? Have you invalidated the session? — user207421, Feb 28 '14 at 08:21
You probably did not invalidate the session (on the server side) at logout, otherwise the server would not serve a logged-in page. — Pierre Rust, Feb 28 '14 at 08:45

score 1 · Answer 1 · answered Feb 28 '14 at 10:37

Most likely you use HTTP basic authentication. With basic authentication, there is no real way to clear the credentials within the browser. The browser just sends the credentials again, when some protected content is accessed. This process has nothing to do with your cache headers at all.

If this is the cause, you can switch to form based authentication. Another trick we have done is to send a redirect to dummy:dummy@xy.com/loggedout.jsp to clear the user password credentials from the browser, however, that's not working perfect and confuses users.

How to avoid the cache after user logout?

1 Answers1