Just a thought: are you sure that your server DOES send HTTP headers correctly? It should send these: Cache-Control: no-cache, must-revalidate; (prevent caching via HTTP/1.1) Pragma: no-cache; (prevent caching via HTTP/1.0) And using HTML meta-tags: <meta http-equiv="Cache-Control" content="max-age=0"/> Zope should destroy sessions on logout, and if that is done correctly, these should work.. -Mac -----Original Message----- From: zope-admin@zope.org [mailto:zope-admin@zope.org]On Behalf Of Mico Siahaan Sent: Tuesday, April 22, 2003 12:10 PM To: zope@zope.org Subject: [Zope] Newbie question: Log out completely In our website, there some pages that could be accessed only by members. So if member want to access this pages they have log in first. The problem is, when they log out, if they don't close the browser, anyone could press 'Back button in the browser then access the members' pages. Can anybody give me a hint, how to prevent this? I could be inform members to close browser when they log out, but just in case they forget this :) FYI, I used exUserFolder to provide authentication to our site. Thanks. -mico- _______________________________________________ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )