In my MVC 4 application, I am using a BaseController to execute a few processes whenever any of my other controllers get hit, one of which is checking if a user is logged in or not.
I've noticed that this is a common issue across design patterns, frameworks, what-have-you. Sadly, I could not find a solution.
Let's keep this short and sweet: how can we prevent the back button from allowing unauthorized access to my MVC 4 pages?
One possible issue is the page being in browser cache. Consider adding some anti caching code to the page initialization.
Response.Cache.SetCacheability(System.Web.HttpCacheability.NoCache);
Response.Cache.SetNoStore();
Here is are some other questions with some implementation options.