Another thing you could do and, actually I see as a normal behavior for every page is to verify if the user is logged in (might have something in session). That would prevent ANY user that isn't logged in to access your pages.
But yet, as Cerebrus said, it does seems like a Cache problem. On Wed, Oct 21, 2009 at 2:59 PM, Cerebrus <[email protected]> wrote: > > You could simply prevent browser caching of the pages by specifying > Cacheability and expiry parameters in your code. > > On Oct 21, 7:59 pm, himanshu <[email protected]> wrote: > > i m using formauthontication.signout method > > > > i found that after signing out from the application i transfered the > > control to login page e.g. login.aspx. At this point if i click the > > Back button of Browser it shows the content of previous page user was > > viewing.As there was important data displayed on page it is security > > threat.It is a threat for web applications displaying important > > information like credit card numbers or bank account data. > > > > any solutions > > > > thank u > -- Atenciosamente, Paulo Roberto S. Pellucci
