<p>Did not get any answers in SO so hoping someone here can help:</p>
<p>I'm trying to prevent users from going back to the login page after logging in by accessing their browser cache.</p>
<p>Here is my handler for the login page in main:</p>
<p><em>http.HandleFunc("/login", login):</em></p>
<p>After login the user gets directed to index.html and the handler is also in main:</p>
<p><em>http.HandleFunc("/", serveHtml)</em></p>
<p>in my login function I've tried to set the headers to prevent caching:</p>
<blockquote>
<p>func login(w http.ResponseWriter, r *http.Request) {</p>
<pre><code> w.Header().Set("Cache-Control", "no-cache, private, max-age=0")
w.Header().Set("Expires", time.Unix(0, 0).Format(http.TimeFormat))
w.Header().Set("Pragma", "no-cache")
w.Header().Set("X-Accel-Expires", "0")
//... the rest of my login code here. Upon successful login redirects to "/"
</code></pre>
<p>}</p>
</blockquote>
<p>There are no problems when the /login page is loaded again (either through a logout redirect or if for some reason the user intentionally visits the login page). I expire the Cookie and everything behaves normally.</p>
<p>But I'm trying to prevent the user from hitting the Back button after login and accessing their browser cache to get back to the login page. I thought setting the headers in my login function as suggested by some other answers on SO would prevent the browser from caching the login page.</p>
<p>But that doesn't work and the user can still hit the Back button and access the login page from their browser cache after logging in.</p>
<p>How do I set the headers correctly to prevent browser caching of the login page?</p>
