Invalidating session in struts
Mozilla seems to be a good compromize between MSIE, that basically puts equal sign between data caching and location history, and Opera.
The problem with with users accessing secured pages by hitting the back button after logging out is partially solved by implementing cache control as described above, but that is only part of the solution.
We wont cover the details here, just note that you need some form of per-request access control in place.
You do this by including cache control 'hints' – special HTTP headers – in the response to each request.
There are a number of different 'hints' you can supply, and different browsers (and HTTP proxies) respect different hints, so you need to supply several to achieve the desired result in all circumstances.
One might say that Opera provides cleaner separation between data caching and location history.
On the other hand, for many stateful web applications this behavior ruins the idea of pagedata synchronization at any given time.