Problem: After a visitor logs out, his "Back" button still gets him to the protected pages
Posted on 2007-12-03
I'm having a browser cache problem that I can't seem to control. I'm working on a site that a user must log into; a successful login leaves an authentication cookie on his computer. When he clicks "log-out", the code in the cookie is invalidated, and he is taken to a non-protected page, like a FAQ page, or the "log in again" page. When that happens, if he clicks the "Back" button on the browser, he's back at the protected page, even though his cookie has now been invalidated.
I thought I was controlling against that. The protected page prints like this:
print "Content-type: text/html\n\n";
print "Cache-Control: no-cache\n";
print "Expires: Sun, 28 Jul 2002 08:12:13 GMT\n"; # just some time in the past
Then comes the <DOCTYPE> declaration, and then the html.
What am I doing wrong? Am I on the right track?
I've read a bunch of tutorials on this topic on the Web, and it *seems* like I'm doing things right, but I must be missing something.