After using Devise for my authentication, I found that there was a security hole in that, after the user logs out, the session variables are preserved. This allows anyone to
I found that doing this in my application controller worked great for development.
    after_filter :expire_for_development

    protected

    # Mark every response as already expired, but only in development
    def expire_for_development
      expires_now if Rails.env.development?
    end
First of all, for any issues with cache, use Mark Nottingham's guide on HTTP caching
    Cache-Control: no-cache, no-store, must-revalidate
    Pragma: no-cache
    Expires: 0
Try this.
I faced the same problem and found a good solution, and I blogged about it at
http://www.fordevs.com/2011/10/how-to-prevent-browser-from-caching-a-page-in-rails.html
To add 'no-cache', add the following lines to the application_controller.rb file:

    before_filter :set_no_cache

and the function:

    # Tell browsers and proxies not to store or reuse the response
    def set_no_cache
      response.headers["Cache-Control"] = "no-cache, no-store, max-age=0, must-revalidate"
      response.headers["Pragma"] = "no-cache"
      response.headers["Expires"] = "Fri, 01 Jan 1990 00:00:00 GMT"
    end
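As an added example (not code from any of the posts above), the same headers can be applied outside the controller as Rack middleware, with a small check that a response really carries `no-store`. The class name, the `/assets/` exemption and the sample app are assumptions made for illustration.

```ruby
# Added example: plain Ruby, no Rails or rack gem required.
# A Rack app is any object whose #call(env) returns [status, headers, body].

# Header values taken from the set_no_cache answer above.
NO_CACHE_HEADERS = {
  "Cache-Control" => "no-cache, no-store, max-age=0, must-revalidate",
  "Pragma"        => "no-cache",
  "Expires"       => "Fri, 01 Jan 1990 00:00:00 GMT"
}.freeze

# Hypothetical middleware: adds the headers to every response except
# paths under a public prefix (assumed here to be "/assets/").
class NoCacheForPrivatePages
  def initialize(app, public_prefixes: ["/assets/"])
    @app = app
    @public_prefixes = public_prefixes
  end

  def call(env)
    status, headers, body = @app.call(env)
    path = env["PATH_INFO"].to_s
    unless @public_prefixes.any? { |prefix| path.start_with?(prefix) }
      headers = headers.merge(NO_CACHE_HEADERS)
    end
    [status, headers, body]
  end
end

# Returns the Cache-Control directive names as a lowercase array.
def cache_directives(headers)
  key = headers.keys.find { |k| k.casecmp?("Cache-Control") }
  return [] unless key
  headers[key].split(",").map { |d| d.strip.downcase.split("=").first }
end

# True only when the response forbids keeping any copy (no-store).
# "no-cache" alone still allows a stored copy that is revalidated before reuse.
def never_stored?(headers)
  cache_directives(headers).include?("no-store")
end

# Constructed sample app standing in for an authenticated page.
SAMPLE_APP = ->(_env) { [200, { "Content-Type" => "text/html" }, ["account page"]] }

def response_headers_for(path)
  NoCacheForPrivatePages.new(SAMPLE_APP).call("PATH_INFO" => path)[1]
end
```

Calling `never_stored?` on the headers of a page behind login, for example in an integration test, catches a controller that skipped the filter.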