715462 - Back button ignores header caching directives

Status: UNCONFIRMED

(Firefox :: General, defect)

Description

[kenduron]

User Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)

Steps to reproduce:

I want to enforce Firefox to reload the page after the back button of the browser is pressed. Unfortunatly, no rerequest is done although caching is prohibited.

1. I was in secure (https) website where you had to be authenticated (username,password)

2. I work within this internal area

3. I used the log out function of the website whose correctness is verified

4. a message of the website came "logged out successfully"

4. I pressed "back" --> the page shows the intern information although a reload should have been triggered since firefox is told not to cache and not to store information. Refreshing the site (F5) causes "not logged in" from the web site which is correct.



Actual results:

The back action (step 4) redisplays the intern information although logged out and caching is prohibited by the website.


Expected results:

using the back button after step 4 should not redisplay the intern information seen when logged in - moreover, firefox should redo a request since caching has been prohibited by cache-control directives.

header used by the web application:

cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
expires is set to date in the past
random Etag is set

Versions tested: 6.x, 7.x, 8.x