We have a portal extension which is providing a logout function calling the provided 'exo.portal.logout();' method. However, it appears that the session is not invalidated. When I click the back button on the browser after the logout function was called, the previous page is displayed just as if the user was still logged in. Is this a bug related to session invalidation?
We have noticed that all portal pages are returned with the following header: 'Cache-Control: no-cache'. Is it possible to change this header, eg. to 'no-cache, max-age=0, must-revalidate, no-store', in order to force a page reload when the browser back button has been clicked?
- Red Hat JBoss Portal (JPP)
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase of over 48,000 articles and solutions.