[Susan]

Already had tried your suggestion – it didn’t make any difference.

The “remembering” behavior that you describe is indeed quite common (ex.Remember Me setting). But this is a different problem. This is an actual Logout – not just closing a browser window. Logout should always invalidate any existing sessions. The cache-control was telling the browser to revalidate each time – so it sends a request with the existing cookie information which should have come back as invalid since the session was logged out. At which point, it would try to fetch the actual page from the server and take you back to requiring a login.

This is a different issue than closing a browser window which doesn’t inherently log a user out as you noted

[Author]

Posts