views:

119

answers:

1

I have to create a web application that deals with user's sensitive information. I need to immediately clear the browser's cache after user logs out since cached data would be vulnerable. Client's browser should be enforced to clear the Cache from server side. Also all cache policies must be exposed to the client from the server side.

Is there any solution to this problem?

+1  A: 

Set the response to expire immediately, and for good measure tell proxies, etc., not to cache:

Expires: 0
Cache-control: private
Marcelo Cantos
Yep, the only solution is to tell the browser not to cache at all.
Tim