5

Problem: Hitting the back button in the browser renders the cached version of the secure page even after logout.

I'm trying to solve this using FOSHttpCacheBundle. Here is my config:

```yaml
fos_http_cache:
    cache_control:
        defaults:
            overwrite: true
        rules:
            # one rule matching every path
            -
                match:
                    path: ^/
                headers:
                    cache_control: { no_cache: true }
```

While it is setting `Cache-Control: no-cache, private`, there are no `Pragma: no-cache` and `Expires: -1` headers defined, which according to the docs should be defined.

Here are my response headers:

```
Cache-Control:no-cache, private
Connection:Keep-Alive
Content-Type:text/html; charset=UTF-8
Date:Tue, 03 May 2016 09:03:49 GMT
Keep-Alive:timeout=5, max=95
Server:Apache/2.4.9 (Win64) PHP/5.5.12
Transfer-Encoding:chunked
X-Cache-Debug:1
X-Debug-Token:050e09
X-Debug-Token-Link:/app_dev.php/_profiler/050e09
X-Powered-By:PHP/5.5.12
```

Someone please explain what I am missing!

Thanks

Mehulkumar
  • [`Pragma: no-cache`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Pragma) is only used for *HTTP 1.0* responses. [`no-cache`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Cache-Control#Cacheability) specifically means to validate before using a cached resource, **not** "do not cache". You are missing `must_revalidate: true, no_store: true, max_age: 0`, which instructs the client to never store the resource, to always revalidate, and to expire immediately. Symfony will detect if the protocol is *1.0* and add `Pragma` and `expires -1` when using `no-cache`. – Will B. Feb 19 '19 at 18:57
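
The difference between the header in the question and the directives named in the comment can be checked mechanically. The following is an added example, not code from the question, the comment or FOSHttpCacheBundle: it classifies a `Cache-Control` value by RFC 9111 directive semantics. The function names and the `SUGGESTED_HEADER` string (an assumed rendering of `no_store`, `must_revalidate` and `max_age: 0`) are illustrative.

```python
# Added example: classify Cache-Control values using RFC 9111 directive semantics.

def parse_cache_control(value):
    """Return {directive: argument or None}, with directive names lower-cased."""
    directives = {}
    for part in value.split(","):
        part = part.strip()
        if not part:
            continue
        name, _, arg = part.partition("=")
        directives[name.strip().lower()] = arg.strip().strip('"') or None
    return directives

def audit(value):
    """Describe what a browser (private) cache may do with the response."""
    d = parse_cache_control(value)
    may_store = "no-store" not in d
    # no-cache, or max-age=0 together with must-revalidate, forces a
    # validation request to the origin before a stored copy is reused.
    must_validate = "no-cache" in d or (
        d.get("max-age") == "0" and "must-revalidate" in d)
    findings = []
    if may_store:
        findings.append("no-store missing: the browser may keep a copy on disk or in memory")
    if may_store and not must_validate:
        findings.append("a stored copy may be reused without contacting the server")
    if may_store and "private" not in d:
        findings.append("private missing: shared caches (proxies, CDNs) may store it")
    return {"may_store": may_store, "must_validate": must_validate, "findings": findings}

# Header captured in the question, and a value built from the directives
# named in the comment (assumed rendering, constructed for this example).
QUESTION_HEADER = "no-cache, private"
SUGGESTED_HEADER = "max-age=0, must-revalidate, no-cache, no-store, private"

if __name__ == "__main__":
    for label, header in (("question", QUESTION_HEADER), ("suggested", SUGGESTED_HEADER)):
        result = audit(header)
        print(f"{label}: Cache-Control: {header}")
        print(f"  may_store={result['may_store']} must_validate={result['must_validate']}")
        for finding in result["findings"]:
            print(f"  - {finding}")
```
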

0 Answers