Have you ever wanted to prevent the user from clicking the browser’s “Back” button to go back to a previous page?
This usually comes up after some processing has been done, like making a payment or logging out of the system.
For instance, if a user logs out of your system and then clicks the browser’s back button, the previous page, which should require them to be logged in, would still load.
This is because the browser caches the page, so even if all your session variables are destroyed, the page still loads from the cache and looks as if you were still logged in, though only visually.
Of course if you click on a link that directs you to another “must be logged in” page it’ll perform the usual “You must be logged in” logic.
The way to prevent this from happening is not to try and disable the browser’s back button (that’s a no-no), but instead we should prevent the browser from caching the page.
This can be done easily in ColdFusion by adding the following lines to your code:
<cfheader name="cache-control" value="no-cache, no-store, must-revalidate">
<cfheader name="pragma" value="no-cache">
<cfheader name="expires" value="#getHttpTimeString(now())#">
Voila! Because we told the browser not to cache the page, clicking back now makes a normal request to the server, the usual session verification runs, and the cached page is not displayed.