I am trying to implement security in an application using GRAILS. I am checking the username and password entered by the user with the database stored data. For a valid user access is given to a perticular portal. The problem is that the user can access the pages after logging out of the application. The user can use the "back " button of the browser and can access the recently visited pages in a perticular login. I downloaded the plug-in and made the changes in the Config.groovy file. But still the security feature doesn't work and the user can access the application after logging out.
GMail manages this because it's AJAX-based and handles the history itself. If you're not using AJAX, then I don't think there's any way to prevent the browser from caching the page. Why is it a problem if the user can see the cached page after pressing back?
Yes. This is required for the security reason. It may happen that the user logs out and leaves the page as it is. No other person should be able to view the details of this user using BACK button.There may be some confidential information being displayed.