After logging out of my application, clicking the back arrow sends the user to the previous page, but the user remains locked out. However when you get to a page that contains a form, you're presented with a dialog box that essentially re-posts the login data! How can I over ride this. I thought I had all the bases covered with the code below:
Clicking 'log out' on my application, the following code is called:
You could implement a more complex session management system that creates a database entry for each active session. You could also choose to instead of invalidating the session, setting a 'disabled' flag.
There's probably some other 'cleaner' approaches although having a table that manages active sessions can be useful for tracking and management.
Try disabling the browser cache.Probably the pages getting fetched from the cache.And in the header of every page add session check.If the user is not authinticated then redirect to the login page.To disable the browser , you can use meta-link in the head tag of each of the html's.