The back button of the browser does not destroy the session in PassportJS + ExpressJS. How do I completely kill / end a session?

Code for my exit mechanism:

```javascript
app.get('/logout', isLoggedIn, function(req, res) {
  req.logout();      // Passport: removes the login state from the session
  res.redirect('/');
});
```

I use the express-session package with a secret key, without setting cookies anywhere.

When I press the back button of the browser after logging out, it still lets the user return to the authenticated page. How do I completely end this session?

isLoggedIn simply checks authentication using PassportJS's isAuthenticated method. What is the right way here?

Please help. Thanks in advance.

Edit: this is a session id



Set Cache-Control headers to no-cache conditionally for registered users

```javascript
app.use(function(req, res, next) {
  if (!req.user) res.header('Cache-Control', 'private, no-cache, no-store, must-revalidate');
  next();
});
```

This will cause the browser to fetch a fresh copy of the page, even when the user clicks back.


Note: this works by disabling the cache for all users who are not logged in, which for this answer includes those who have just logged out. You should probably find a way to distinguish the two if you do not want to completely disable the cache for all users. Something with sessions..

If you are sure that '/login' is the route the user will land on, then you can set the header only there, thereby sparing yourself the trouble of doing the above.


Where exactly does this code go?

```javascript
app.get('/logout', isLoggedIn, function(req, res) {
  req.logOut();
  if (!req.user) res.header('Cache-Control', 'private, no-cache, no-store, must-revalidate');
  res.redirect('/login');
});
```

Can this be used?

No.

app.get (or app.use) defines your routes. Documentation: http://expressjs.com/api.html#request

app.get('/logout', ...) will be executed only if the route '/logout' is requested by the client.

app.use(...) (without specifying any route) will be executed for every request.

These routes ("middlewares", as they are called) also run sequentially, one after another (you will learn more in the docs mentioned above).

You want to set the headers before any other route, so that every route rendered after it is sent with a header that forcibly invalidates the user's cache.

```javascript
// > HERE <  // before all the other routes
app.get('/logout', ...
app.get('/login', ...
app.get('/', ...
app.get('/stuff', ...
```
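A worked version of the placement described above, as an added example that is not code from this thread: the header middleware sits before all routes and marks responses rendered for a logged-in user as uncacheable (those are the pages the browser replays on back), and the logout handler additionally destroys the server-side session record and expires its cookie. The function names, and the makeReq/makeRes stand-ins for Express's req/res (so the file runs without express installed), are this example's own assumptions; connect.sid is express-session's default cookie name.

```javascript
// Added example (not code from the Habr thread): Express + Passport +
// express-session wiring. makeReq/makeRes are constructed stand-ins for
// Express's req/res so the file runs without express installed.
const NO_STORE = 'private, no-cache, no-store, must-revalidate';

// 1. Register before every route: a page rendered for an authenticated user
//    must not be cached, or the back button replays it after logout without
//    ever contacting the server.
function noStoreForAuthenticated(req, res, next) {
  if (req.user) {
    res.header('Cache-Control', NO_STORE);
  }
  next();
}

// 2. Logout: clear Passport's login state, destroy the server-side session
//    record, expire the session cookie, then redirect.
//    (Passport >= 0.6 makes logout asynchronous: req.logout(cb).)
function logout(req, res) {
  req.logout();
  req.session.destroy(function () {
    res.clearCookie('connect.sid'); // express-session's default cookie name
    res.header('Cache-Control', NO_STORE);
    res.redirect('/login');
  });
}
// Constructed stand-ins for Express's req/res (offline exercise only).
function makeReq(user) {
  const req = { user: user, session: { alive: true } };
  req.logout = function () { req.user = null; };
  req.session.destroy = function (cb) { req.session.alive = false; cb(); };
  return req;
}
function makeRes() {
  const res = { headers: {}, cleared: [], location: null };
  res.header = function (k, v) { res.headers[k] = v; return res; };
  res.clearCookie = function (n) { res.cleared.push(n); return res; };
  res.redirect = function (url) { res.location = url; };
  return res;
}

// Run the middleware (and, for a logged-in user, the logout) and report.
function simulate(user) {
  const req = makeReq(user), res = makeRes();
  noStoreForAuthenticated(req, res, function () {});
  const pageCache = res.headers['Cache-Control'] || null;
  if (user) logout(req, res);
  return { pageCache: pageCache, user: req.user, sessionAlive: req.session.alive,
           cleared: res.cleared, location: res.location };
}
```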

Source: https://habr.com/ru/post/1237029/
