While developing a web application, most of us have run into a common glitch: after a successful sign-out, pressing the browser's ‘Back’ button still shows pages that should only be visible while our session is alive.
The scenario I am referring to is the one where the server-side code already handles every case, redirecting the user to the login page whenever a request for authenticated content arrives without a valid session.
The problem is caused by the history the browser itself maintains. To minimise response delay, the Back button of a modern browser restores the previously visited page from its history (and cache) instead of requesting it from the server again. Since no request reaches the server, the authentication check never runs and no redirection can take place.
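The standard way to close this gap is to tell the browser it must not store authenticated pages at all, so that Back forces a fresh request and the server-side session check gets to redirect. The WSGI middleware below is an added example, not code from the original post; the `app.session` environ key and `demo_app` are hypothetical conventions chosen for the illustration.

```python
"""Added example: mark every response served to a logged-in user as
non-cacheable so the Back button re-requests it from the server after
sign-out. Assumes the application stores a truthy 'app.session' value in
environ when a session exists (a hypothetical convention for this demo)."""

from wsgiref.util import setup_testing_defaults

# Headers that forbid storing the page in the browser cache/history.
NO_STORE_HEADERS = [
    ("Cache-Control", "no-store, no-cache, must-revalidate, max-age=0"),
    ("Pragma", "no-cache"),
    ("Expires", "0"),
]


def no_store_for_sessions(app):
    """Wrap a WSGI app; rewrite caching headers on session-bound responses."""
    def middleware(environ, start_response):
        def patched_start(status, headers, exc_info=None):
            if environ.get("app.session"):
                # Drop any conflicting caching headers the app set, then
                # append the no-store set so the browser cannot reuse the page.
                headers = [(k, v) for k, v in headers
                           if k.lower() not in ("cache-control", "pragma", "expires")]
                headers.extend(NO_STORE_HEADERS)
            return start_response(status, headers, exc_info)
        return app(environ, patched_start)
    return middleware


def demo_app(environ, start_response):
    """Hypothetical app: account page when a session exists, else redirect."""
    if environ.get("app.session"):
        # Deliberately permissive header, to show the middleware overriding it.
        start_response("200 OK", [("Content-Type", "text/html"),
                                  ("Cache-Control", "max-age=600")])
        return [b"<h1>Account page</h1>"]
    start_response("302 Found", [("Location", "/login")])
    return [b""]


def run(app, session):
    """Run one constructed request; return (status, headers dict, body bytes)."""
    environ = {}
    setup_testing_defaults(environ)
    if session:
        environ["app.session"] = session
    captured = {}

    def start_response(status, headers, exc_info=None):
        captured["status"], captured["headers"] = status, dict(headers)

    body = b"".join(app(environ, start_response))
    return captured["status"], captured["headers"], body
```

Responses to requests without a session (the login redirect) are left untouched, so public pages keep whatever caching policy the application chose.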