I see. thanks so much. was really confused. On 6/25/06, Paul Benedict <[EMAIL PROTECTED]> wrote:
Lixin, you have your needs reversed: you need those directives on every page that's secure. The pages your users see only when they log in should not be written to the browser's cache; the log out page is benign. -- Paul Lixin Chu <[EMAIL PROTECTED]> wrote: this may be posted before though i can not find any in the archive: how to make sure that browser's back button will bring back the previous page after log out ? Googled, and added these into our logout action, but still no effect: response.setHeader("Cache-Control", "no-cache"); response.setHeader("Cache-Control", "no-store"); response.setDateHeader("Expires", -1); response.setHeader("Pragma", "no-cache"); // http 1.0 any idea ? thanks in advance lx --------------------------------- Want to be your own boss? Learn how on Yahoo! Small Business.