Problem: Hitting the back button in the browser renders the cached version of the secure page even after logout.
I'm trying to solve this using FOSHttpCacheBundle. Here is my config:
    fos_http_cache:
        cache_control:
            defaults:
                overwrite: true
            rules:
                -
                    match:
                        path: ^/
                    headers:
                        cache_control: { no_cache: true }
While it is setting Cache-Control: no-cache, private, there are no Pragma: no-cache and Expires: -1 headers defined, which according to the docs should be defined.
Here are my response headers:

    Cache-Control:no-cache, private
    Connection:Keep-Alive
    Content-Type:text/html; charset=UTF-8
    Date:Tue, 03 May 2016 09:03:49 GMT
    Keep-Alive:timeout=5, max=95
    Server:Apache/2.4.9 (Win64) PHP/5.5.12
    Transfer-Encoding:chunked
    X-Cache-Debug:1
    X-Debug-Token:050e09
    X-Debug-Token-Link:/app_dev.php/_profiler/050e09
    X-Powered-By:PHP/5.5.12
Someone please explain what I am missing!
Thanks
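
An added example, not part of the original post: a small Python audit of the caching headers on a page that must not be replayed after logout. It reflects that `no-cache` only demands revalidation before reuse, while `no-store` is the directive that forbids keeping a copy. The function names and the `HARDENED` sample are assumptions made for illustration.

```python
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime

# POSTED: headers copied from the post above. HARDENED: constructed sample (assumption).
POSTED = """Cache-Control:no-cache, private
Date:Tue, 03 May 2016 09:03:49 GMT"""
HARDENED = """Cache-Control: no-store, no-cache, must-revalidate, private
Pragma: no-cache
Expires: 0"""

def parse_headers(raw):
    """Parse 'Name: value' lines into a dict with lower-cased names."""
    headers = {}
    for line in raw.splitlines():
        name, sep, value = line.partition(":")
        if sep and name.strip():
            headers[name.strip().lower()] = value.strip()
    return headers

def directives(cache_control):
    """Split a Cache-Control value into {directive: argument}."""
    parts = (p.strip().partition("=") for p in cache_control.split(","))
    return {k.lower(): v.strip('"') for k, _, v in parts if k}

def is_expired(value):
    """True when an Expires value is invalid ('-1', '0') or not in the future."""
    try:
        when = parsedate_to_datetime(value)
    except (TypeError, ValueError):
        return True  # RFC 7234: invalid dates mean "already expired"
    if when.tzinfo is None:
        when = when.replace(tzinfo=timezone.utc)
    return when <= datetime.now(timezone.utc)

def audit(raw):
    """Return findings for a response that must not be replayed after logout."""
    h = parse_headers(raw)
    cc = directives(h.get("cache-control", ""))
    findings = []
    if "no-store" not in cc:
        findings.append("Cache-Control lacks no-store: a copy may still be kept")
    if h.get("pragma", "").lower() != "no-cache":
        findings.append("Pragma: no-cache is absent (HTTP/1.0 caches)")
    if "expires" not in h or not is_expired(h["expires"]):
        findings.append("Expires is absent or lies in the future")
    return findings

if __name__ == "__main__":
    print(audit(POSTED), audit(HARDENED))
```

Run against the posted headers it reports three findings; the constructed hardened set reports none.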