Browser cache using back button

I’ve got a client who is concerned that after a user logs out, the restricted content can still be viewed if the browser ‘back’ button is clicked.

My opinion is that it’s not a major issue but they’re worried someone might log out and not close their browser, then someone else comes along and clicks back and sees sensitive information about that user.

Is there a way in S2 Member to prevent protected pages from being cached by the browser? I don’t want to prevent all site pages from being cached, only the S2 protected ones.

Any help would be much appreciated.

Thanks

Your client needs to understand that they are not 100% in control of their content.

s2Member provides as near to 100% control as you can get but, as soon as a browser accesses content, the browser can (and usually does) store it somewhere. Neither you nor they can prevent that. It’s how the web works.

The best you can do is to follow the lead of many banks, and add a message when someone logs out that urges them to close the browser window too.

That doesn’t actually mean that the content isn’t still stored by the browser (it is), but it does mean that using the Back button won’t provide a means of retrieving the content, so that it would require a bit more sophistication to know how to find it.

Your client could set extremely short expirations when setting browser cache expiration times. This will result in services like GTMetrix and PageSpeed complaining that those values need to be longer, though. See: https://gtmetrix.com/leverage-browser-caching.html.

That said, I agree completely with @KTS915. Even setting a 1-second browser cache time would not stop the information from being cached. It would just result in it being overwritten at each page load.

Thanks guys, agree with your advice completely. I think this one is more about educating the client rather than trying to ‘solve’ the issue!

Dave

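An added example, not part of the thread and not s2Member code: a small Python check that reads the `Cache-Control` header of each response and lists the protected pages a browser may still keep a copy of, including the short-expiry case discussed above. The URLs, header values and the protected flag are constructed samples.

```python
# Added example. Sample URLs and headers are constructed; the Expires and
# Pragma headers are ignored for brevity.

def parse_cache_control(value):
    """Return {directive: argument or None}, directive names lower-cased."""
    directives = {}
    for part in value.split(","):
        name, _, arg = part.strip().partition("=")
        if name:
            directives[name.strip().lower()] = arg.strip().strip('"') or None
    return directives


def classify(headers):
    """Classify how a browser may keep a response, per RFC 9111."""
    lowered = {k.lower(): v for k, v in headers.items()}
    cc = parse_cache_control(lowered.get("cache-control", ""))
    if "no-store" in cc:
        return "not-stored"          # browser is told to keep no copy
    max_age = cc.get("max-age") or ""
    if "no-cache" in cc or max_age == "0":
        return "stored-revalidated"  # kept, checked with the server before reuse
    if max_age.isdigit():
        return "stored-fresh"        # kept and reused for max-age seconds
    return "stored-heuristic"        # kept, lifetime chosen by the browser


def audit(pages):
    """Return (url, verdict) for protected pages a browser may still store.

    History navigation (Back) may show a stored copy even after it has
    expired (RFC 9111, section 6), so only "not-stored" passes.
    """
    findings = []
    for url, (protected, headers) in pages.items():
        verdict = classify(headers)
        if protected and verdict != "not-stored":
            findings.append((url, verdict))
    return findings


# Constructed samples: url -> (is_protected, response headers)
SAMPLES = {
    "/members/account/": (True, {"Cache-Control": "max-age=1"}),
    "/members/invoices/": (True, {"Cache-Control": "no-store, private"}),
    "/members/profile/": (True, {"cache-control": "no-cache, must-revalidate, max-age=0"}),
    "/blog/": (False, {"Cache-Control": "public, max-age=3600"}),
}
```

Calling `audit(SAMPLES)` flags the one-second expiry and the `no-cache` page, and leaves the public page cacheable.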