ColdFusion
Results 1 - 10 of around 2 in coldfusionStop back button exposing secure pages
If you log into a secure area, navigate around, log out and then hit the back button, you'll see secure pages.
http://www.adrianlynch.co.uk/post.cfm?postID=14 -
Friday 14 December 2007
at
16:17
-
Comments(0)
To get around this you can add response headers to expire the page.
<cfheader name="Expires" value="#GetHTTPTimeString(Now())#"> <cfheader name="Pragma" value="no-cache"> <cfheader name="cache-control" value="no-cache, no-store, must-revalidate">
The downside being that there is less caching and more requests to the server, but for a secure area this seems like a nice trade-off.
Thanks to Rich Cooper for the code snippet.