
back button logout symfony2 php error

I am developing a Symfony2 app and I have a problem.

When I log out of my app, it does it correctly, but if I press the back button of the browser, I go back to a page which is in the logged.

If I write the URL to go to this page, I can't.

Thanks in advance

This is my Security.yml

security:
    encoders:
        Simple\ProfileBundle\Entity\User:
            algorithm:        sha1
            encode_as_base64: false
            iterations:       1

    role_hierarchy:
        ROLE_ADMIN:       [ROLE_USER]

    providers:
        main:
            entity:
                class: Simple\ProfileBundle\Entity\User
                property: username

    firewalls:
        secured_area:
            pattern:    ^/
            anonymous: ~
            form_login:
                login_path:  login
                check_path:  login_check
                always_use_default_target_path: true
                default_target_path: /logged/portada
            logout:
                path:   /logout
                target: /portada

    access_control:
        - { path: ^/logged, roles: ROLE_ADMIN }

I just tested your scenario successfully in my own Symfony 2.3 applications and found that it is in fact a security flaw that comes from the browser cache (not a framework issue because it's out of the control of the framework.)

Here is a discussion around the issue. The general (but not complete) solution is to send "Expire" headers that the browser may (or may not) pay attention to when you use the back-button behaviour. Here's the Symfony docs for HTTP Cache headers.

I have not tested it in a 2.5.* environment yet, so this may have been addressed in a later version of Symfony.
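
One way to send the cache headers the answer refers to, as an added example that is not code from the original thread: a `kernel.response` listener that marks every response under `/logged` as non-storable, so the browser has no stored copy to show after logout. The listener class, its namespace and the service id are assumptions; the `/logged` prefix comes from the question's `access_control` rule.

```php
<?php
// Added example, not from the original post. Class name, namespace and
// service id are hypothetical; "/logged" is the prefix from the question.
namespace Simple\ProfileBundle\EventListener;

use Symfony\Component\HttpKernel\Event\FilterResponseEvent;
use Symfony\Component\HttpKernel\HttpKernelInterface;

class NoStoreResponseListener
{
    private $protectedPrefix;

    public function __construct($protectedPrefix = '/logged')
    {
        $this->protectedPrefix = $protectedPrefix;
    }

    public function onKernelResponse(FilterResponseEvent $event)
    {
        // Only the master response carries the headers the browser sees.
        if (HttpKernelInterface::MASTER_REQUEST !== $event->getRequestType()) {
            return;
        }

        // Limit the change to the area restricted to ROLE_ADMIN.
        $path = $event->getRequest()->getPathInfo();
        if (0 !== strpos($path, $this->protectedPrefix)) {
            return;
        }

        $response = $event->getResponse();
        // no-store asks the browser not to keep a copy at all; the other
        // directives force revalidation in caches that ignore no-store.
        $response->headers->set('Cache-Control', 'no-store, no-cache, must-revalidate, max-age=0');
        $response->headers->set('Pragma', 'no-cache');  // HTTP/1.0 caches
        $response->setExpires(new \DateTime('@0'));     // a date in the past
    }
}

// Registration in services.yml (service id is hypothetical):
//   simple_profile.no_store_listener:
//       class: Simple\ProfileBundle\EventListener\NoStoreResponseListener
//       tags:
//           - { name: kernel.event_listener, event: kernel.response, method: onKernelResponse }
```

To check the result, log in, request a page under `/logged` and confirm in the browser's network panel that the response carries these headers before testing the back button again.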
