
How Google deals with the Back Button after logout?

I've been searching the web trying to identify a good way to avoid showing previous unsuitable information when users click the Back button.

For instance:

  • To avoid seeing information after logout.
  • To avoid seeing a form after sending and processing it.

I reviewed these posts and many others: "avoid go back after logout", "Prevent back button after logout".

I like the Google solution, but I don't know how it is implemented. When I log out of my Gmail account and then click the Back button, I'm not able to see my previous mails; I stay at the login page.

I'm not trying to change or avoid the Back button, I just want to avoid showing that unsuitable data.

I tried to use different headers and meta tags, but they didn't work.

Memochipan asked Nov 03 '22 11:11


1 Answer

Gmail is a JavaScript web service, so when you click the back button, the static state just loads the JavaScript client, which is denied access to the backend.

A traditional, non-web-service type of application could have JavaScript that runs each time the page loads to ensure that the authenticated session is still valid. If the user isn't authenticated, bump them back to the login page.

Without JS, the browser is just going to load a cached copy. You can disable caching by adding these meta tags or HTTP headers:

   header("Pragma: no-cache");
   header("Cache-Control: no-cache");
   header("Expires: 0");

You can also disable caching using meta tags:

   <meta http-equiv="Pragma" content="no-cache">
   <meta http-equiv="Cache-Control" content="no-cache">

rook answered Nov 09 '22 08:11
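
The per-page session check described in the answer above, sketched as an added example (not code from the original post). The `/api/session` and `/login` paths and the injected `deps` object are assumptions; `pageshow` is used because the Back button can restore a page from the back/forward cache without firing `load` again.

```javascript
// Added example. SESSION_URL and LOGIN_URL are hypothetical paths, not from the page.
const SESSION_URL = '/api/session'; // assumed: answers 200 while logged in, 401 otherwise
const LOGIN_URL = '/login';         // assumed login page

// Pure decision from the session endpoint's HTTP status (null = network error).
// Fails closed: anything other than 200 sends the user to the login page.
function actionForStatus(status) {
  return status === 200 ? 'show' : 'redirect';
}

// Runs the check and applies the result. Browser APIs are injected through
// `deps` so the same logic can be exercised outside a browser.
async function guardPage(deps) {
  deps.hide(); // blank the restored content until the session is verified
  let status = null;
  try {
    const res = await deps.fetch(SESSION_URL, {
      credentials: 'same-origin', // send the session cookie
      cache: 'no-store',          // never answer this check from the HTTP cache
    });
    status = res.status;
  } catch (err) {
    // Network failure: status stays null, which is treated as "not authenticated".
  }
  const action = actionForStatus(status);
  if (action === 'show') deps.show();
  else deps.redirect(LOGIN_URL);
  return action;
}

// Browser wiring. `pageshow` fires on normal loads and on back/forward-cache
// restores (event.persisted === true), so the check also runs after Back.
if (typeof window !== 'undefined') {
  window.addEventListener('pageshow', () => guardPage({
    fetch: (url, opts) => fetch(url, opts),
    hide: () => { document.documentElement.style.visibility = 'hidden'; },
    show: () => { document.documentElement.style.visibility = ''; },
    // replace() drops the protected page from history instead of stacking on it
    redirect: (url) => window.location.replace(url),
  }));
}
```

This only hides stale content when scripts run; sending `Cache-Control: no-store` on authenticated responses additionally tells the browser not to keep a copy of the page at all.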