I'm building a smallish forms authenticated site that will soon be
online for my employers customers to use. There is nothing sensitive
about the information per se, but none the less we still want to
restrict access to only our customers. Anyway, my question is... When
I log off the test site, I can use my browser's back button to get back
into the last page I was at on the site. I can't click any links (the forms authentication kicks
me back to the login page), and no real functionality is available
without being authenticated...but it just looks cheesy. Since the onLoad event isn't checking my authentication credentials, I'm pretty sure it's just a copy of the page in the local cache.
Now, if
this were for me, I'd leave it. It's just a local
browser cache of the page and it's not going to hurt anything...
However, I'm developing this for the company I work for, and I don't
want this to look like a second rate site.
Anyway, I was wondering if anyone here had some thoughts on the matter.
Cached page: Does it matter? Is it a security problem, or is it at worst a situation where a user gets prompted to log in when they thought that they were.
Performance: Is it possible for me to instruct visiting browsers to not cache my site? Is that worth it on a semi image heavy site?
Any more creative ideas?
Thanks a bunch,
KBTibbs