cache control not working

I've jusy finished a login script and noticed that even after I log out that I can go back and view the protected page again. This really isn't an issue because the user can't do any damage but I do get loads of javascript errors that I don't like. I'd like to be able to totally prevent client side caching if at all possible.

I've tried the following but it isn't working as I can still go back and see a cached copy. Here is what I'm using so far.

    header("Cache-Control: no-cache, must-revalidate"); // HTTP/1.1
    header("Expires: Sat, 26 Jul 1997 05:00:00 GMT"); // Date in the pa开发者_JAVA技巧st

Have you tried something a little more comprehensive?

Expires: Sat, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

Source: http://www.php.net/manual/en/function.session-cache-limiter.php

I'm not sure if this will work for an entire page, but it's worth a shot.

We serve up dynamic images that have the exact same file name, over and over. Obviously caching these images would be bad, bad, bad (and completely break our app, really).

So, we send these three headers to the browser, and it has been working great to completely eliminate all caching of the images on all browsers:

//Prevent the image from caching, so it is created fresh each time.
app.Response.AddHeader("pragma", "no-store,no-cache"); // //HTTP 1.0
app.Response.AddHeader("cache-control", "no-cache, no-store, must-revalidate, max-age=-1"); // HTTP 1.1
app.Response.AddHeader("expires", "Mon, 14 Jul 1789 12:30:00 GMT"); // Date in the past

Note: We tested LOTS of variations, but these were the three essential ingredients in the magic recipe to prevent client-side image caching. You may have success using these for an entire page, but I have not tested that specific scenario.