问题
Say you're HTTP caching a login protected page (not critical banking info).
Now because you're using HTTP caching, logging out (destroying the session) will not have an effect on that cached page.
Currently, the only way I can think of is to explicitly set a sensible max-age cache value so it at least expires at some point.
E.g., members_area.php
\header('Cache-Control: max-age=60');
Other than this, are there better ways to invalidate memebrs_area.php in the user's browser when they click the logout button?
来源:https://stackoverflow.com/questions/61717739/invalidate-cache-of-a-login-protected-area-upon-logout