I have to create a web application that deals with users' sensitive information. I need to immediately clear the browser's cache after the user logs out, since cached data would be vulnerable. The client's browser should be forced to clear the cache from the server side. Also, all cache policies must be exposed to the client from the server side.

Is there any solution to this problem?

The best you can do is request to the browser (and all intermediate caches -- there might be some) that your pages should not be cached. Even that is only a hint. You cannot programmatically erase a visitor's cache. (Think about what a nightmare that would be.) Commented Apr 5, 2010 at 3:22

1 Answer

Set the response to expire immediately, and for good measure tell proxies, etc., not to cache:

Expires: 0
Cache-control: private

1 Comment

Yep, the only solution is to tell the browser not to cache at all.
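
The header approach from the answer above, as an added example that is not part of the original thread: a WSGI middleware that replaces whatever caching headers the application set on sensitive paths. The path prefixes, the demo app and the helper names are assumptions, and `no-store` and `Pragma: no-cache` go beyond the two headers the answer lists.

```python
# Added example, not code from the thread. Paths and names are hypothetical.
SENSITIVE_PREFIXES = ("/account", "/logout")

# "Expires: 0" and "private" come from the answer; "no-store" and
# "Pragma: no-cache" are additions (no-store asks caches not to keep a copy,
# Pragma is for HTTP/1.0 intermediaries).
NO_CACHE_HEADERS = [
    ("Expires", "0"),
    ("Cache-Control", "private, no-store"),
    ("Pragma", "no-cache"),
]
OVERRIDDEN = {"expires", "cache-control", "pragma"}


class NoCacheMiddleware:
    """Force non-cacheable headers on responses under sensitive paths."""

    def __init__(self, app, prefixes=SENSITIVE_PREFIXES):
        self.app = app
        self.prefixes = tuple(prefixes)

    def __call__(self, environ, start_response):
        path = environ.get("PATH_INFO", "")
        if not path.startswith(self.prefixes):
            return self.app(environ, start_response)  # leave other paths alone

        def guarded_start(status, headers, exc_info=None):
            # Drop caching headers the app set, so a stray "public" cannot win.
            kept = [(k, v) for k, v in headers if k.lower() not in OVERRIDDEN]
            return start_response(status, kept + NO_CACHE_HEADERS, exc_info)

        return self.app(environ, guarded_start)


def demo_app(environ, start_response):
    # Constructed app that marks every page as publicly cacheable.
    start_response("200 OK", [("Content-Type", "text/plain"),
                              ("Cache-Control", "public, max-age=3600")])
    return [b"ok"]


def response_headers(app, path):
    """Call a WSGI app for `path`; return response headers, names lowercased."""
    captured = {}

    def start_response(status, headers, exc_info=None):
        captured.update({k.lower(): v for k, v in headers})

    b"".join(app({"REQUEST_METHOD": "GET", "PATH_INFO": path}, start_response))
    return captured
```

Wrapping the application once (`NoCacheMiddleware(demo_app)`) covers every sensitive route, including ones added later, instead of relying on each handler to set the headers.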
