|
Question:
How can I prevent a user from hitting the back button and seeing a cached page?
Why would you want to do this? In some cases users are worried that if they walk away from their desk for any length of time, they don't want someone to be able to hit page back and see information they are not entitled to.
Answer:
Part of the answer to this involves using SMURFs and setting the timeout to a reasonably short period, but also setting the Extend option set to *YES
The other part of this is to set up an Apache directive which tells the browser not to cache the page. There are META tags which purport to do the same thing but they are not entirely reliable or cross browser compliant. Another reason is Proxy server don't tend to look at the HTML on a page.
The reason the apache directive works is it sets the no-cache property in the HTTP Header instead of on the page itself like the META tags
The directive is:
#The php|cgi|pgm text below can be modified to include more or less page extensions.
ExpiresActive Off
Header set Cache-Control "private, no-cache, no-store, proxy-revalidate, no-transform"
Header set Pragma "no-cache"
|
