Apologies if this is the second time this is posted, my email and subscriptions have been screwy. Here goes...
I'm trying to force a page reload when a user hits the back button on certain pages on my site: 1) To ensure secure pages (with password info, etc) cannot be viewed once a user logs out 2) Certain pages contain forms that are intended for a single submission, and we need to prevent users from backtracking and resubmitting the form. I've combed through the archives and have tried setting the HTTP headers to prevent caching, with the following settings: "Cache-Control: no-store" OR "Cache-Control: no-cache, post-check=0, pre-check=0, private" (I've tried it both ways) Pragma: no-cache Expires: 0 I've done this both in a velocity layout footer with $page.setHttpEquiv() and in the Default class layout (which extends VelocitySecureScreen), in doPostBuildTemplate() via data.getResponse().setHeader(). By forcing a page reload, my thought was to put such backtrack checking in the Default layout class so it's all in one place. However, while these HTTP headers do in fact show up in my browser testing, I can still hit the 'back' button and view pages after I've closed the session by logging out. Any thoughts on how to deal with this? I'm stumped. Using TDK 2.1 (sorry, have to for legacy compatibility reasons) mysql. Thanks, Derek --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
