I want to prevent the user from pressing going to the previous page (back button in browser), after logout.

I manage to do this in apache adding this to the configuration:

<FilesMatch "\.(html|htm|js|css|pl)$">
FileETag None
<ifModule mod_headers.c>
Header unset ETag
Header set Cache-Control "max-age=0, no-cache, no-store, must-revalidate"
Header set Pragma "no-cache"
Header set Expires "Wed, 11 Jan 1984 05:00:00 GMT"
</ifModule>
</FilesMatch>

But when i do it directly in the sources it doesnt work i'm using:

<meta content="no-cache" http-equiv="Pragma"></meta>
<meta content="no-cache, no-store, must-revalidate" http-equiv="Cache-Control"></meta>
<meta content="0" http-equiv="Expires"></meta>

I want to prevent the user from pressing going to the previous page (back button in browser), after logout.

I manage to do this in apache adding this to the configuration:

<FilesMatch "\.(html|htm|js|css|pl)$">
FileETag None
<ifModule mod_headers.c>
Header unset ETag
Header set Cache-Control "max-age=0, no-cache, no-store, must-revalidate"
Header set Pragma "no-cache"
Header set Expires "Wed, 11 Jan 1984 05:00:00 GMT"
</ifModule>
</FilesMatch>

But when i do it directly in the sources it doesnt work i'm using:

<meta content="no-cache" http-equiv="Pragma"></meta>
<meta content="no-cache, no-store, must-revalidate" http-equiv="Cache-Control"></meta>
<meta content="0" http-equiv="Expires"></meta>

• javascript
• jquery
• html
• caching
• logout

• You have discovered that HTTP headers can set caching options and that HTML meta elements pretending to be equivalent … aren't equivalent. What's the question? – Quentin Commented Feb 12, 2014 at 9:23
• How can I prevent the page to cache so the user cant go back after logout. I make it work in apache conf, but when I tried to add it directly using the example from here Making sure a web page is not cached, across all browsers, doesnt work. What I'm missing? – Carlos Escalera Alonso Commented Feb 12, 2014 at 9:48
• "I make it work in apache conf" ← like that. – Quentin Commented Feb 12, 2014 at 9:50
• Yes setting it in apache configuration works well, but dont know how to do it from the source – Carlos Escalera Alonso Commented Feb 12, 2014 at 10:06
• From the HTML source? Are you have already discovered, you cannot. – Quentin Commented Feb 12, 2014 at 10:07

1 Answer 1

As Quentin exlplain this meta tags are ignored by the browser.

<meta content="no-cache" http-equiv="Pragma"></meta>
<meta content="no-cache, no-store, must-revalidate" http-equiv="Cache-Control"></meta>
<meta content="0" http-equiv="Expires"></meta>

So this is what worked for me to disable the cache in all browsers.

From perl

 Use CGI;

 sub set_new_query() {
            $query = CGI->new();
            print $query->header(
                            -expires       => 'Sat, 26 Jul 1997 05:00:00 GMT',
                            -Pragma        => 'no-cache',
                            -Cache_Control => join(', ', qw(
                                                private
                                                no-cache
                                                no-store
                                                must-revalidate
                                                max-age=0
                                                pre-check=0
                                                post-check=0 
                                               ))
            );
        }

An alternative in Apache is to add to httpd.conf:

LoadModule headers_module modules/mod_headers.so

<FilesMatch "\.(html|htm|js|css|pl)$">
FileETag None
<ifModule mod_headers.c>
Header unset ETag
Header set Cache-Control "max-age=0, no-cache, no-store, must-revalidate"
Header set Pragma "no-cache"
Header set Expires "Wed, 11 Jan 1984 05:00:00 GMT"
</ifModule>
</FilesMatch>

And for other language here is a great description: Making sure a web page is not cached, across all browsers