The web app has no control over what the browser does upon clicking the back button. Most of the times, the browser will re-display its cached version of the previous page, no matter what the cache settings are. That's just how the Back button works.
What problem does that present to your application? There may be ways to prevent any possible negative side effects.
Joined: Aug 11, 2006
Thanks for the quick response. The problem is that the details cached are credit card details, therefore ideally I would like the information removed from the form if the back button is used.
I struggled with a pretty much identical case a while ago - I found no way of preventing the browser of caching a page and letting the user access it by clicking on the Back button, even after they had logged out. I was looking at the headers set by my Internet bank site and some webmails, until I realised it was the use of https that did the trick. I wasn't using https on my development machine, which caused the confusion. Since you're handling credit card info, I'd assume you'll be using https in production as well?