
Django @login_required views still show when users are logged out by going back in history on Chrome


::Edit::

@cache_control(no_cache=True, must_revalidate=True, no_store=True) FTW!!!!!

Cache-Control: no-cache, no-store, must-revalidate did the trick. It took going to a few IRC chans and looking around but finally I got it to work.

::EDIT::

I have a view where I'm setting @login_required on it and it's secure for the most part, but if you have looked at the view, then log out and just hit the back button in your browser, you can view the content again without being asked to log in. Though if you refresh the page the server will redirect you.

My suspicion is it's a cache issue where maybe I need to tell Chrome not to store it in the history.

If you view an invoice, for example, then log out, you can view the invoice again by selecting that page in your back history.

I have tried this issue on Firefox with no problem. Firefox asks you to log back in, so it must be a browser issue.


Solution

  • You're right, this is a cache problem.

    You can use the cache_control decorator to force no caching on views[1]:

    from django.http import HttpResponse
    from django.views.decorators.cache import cache_control

    # Sends "Cache-Control: no-cache, no-store, must-revalidate" with the response
    @cache_control(no_cache=True, must_revalidate=True, no_store=True)
    def func(request):
        # some code
        return HttpResponse("...")


    You should also write your own decorator that replaces @login_required so that you don't need to use both on every page.

    [1] Disable browser 'Back' button after logout?
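The combined decorator the answer suggests, as an added example that is not part of the original answer: it does the job of `@login_required` stacked under `@cache_control(no_cache=True, must_revalidate=True, no_store=True)` in one decorator. The `User`, `Request` and `Response` classes are constructed stand-ins for Django's request/response objects so the snippet runs without Django; `LOGIN_URL` is assumed to be Django's default. In a real project you would replace the stand-ins with `HttpResponseRedirect` and the view's real `request`.

```python
from functools import wraps
from urllib.parse import urlencode

LOGIN_URL = "/accounts/login/"  # assumption: Django's default LOGIN_URL

# Constructed stand-ins for Django's request/response objects so this runs
# without Django. A real HttpResponse also supports response["Header"] = value.
class User:
    def __init__(self, is_authenticated):
        self.is_authenticated = is_authenticated

class Request:
    def __init__(self, path, user):
        self.path = path
        self.user = user

class Response:
    def __init__(self, content="", status=200):
        self.content = content
        self.status_code = status
        self.headers = {}
    def __setitem__(self, name, value):
        self.headers[name] = value
    def __getitem__(self, name):
        return self.headers[name]

def login_required_no_cache(view_func):
    """Equivalent to cache_control(no_cache=True, must_revalidate=True,
    no_store=True) applied outside login_required: the login redirect
    gets the header too, so neither page lingers in the Back/Forward cache."""
    @wraps(view_func)
    def wrapper(request, *args, **kwargs):
        if not request.user.is_authenticated:
            # Not logged in: redirect to the login page, keeping the path in ?next=
            response = Response(status=302)
            response["Location"] = LOGIN_URL + "?" + urlencode({"next": request.path})
        else:
            response = view_func(request, *args, **kwargs)
        # no-store: don't keep a copy for Back; no-cache + must-revalidate:
        # any copy that exists anyway must be revalidated with the server.
        response["Cache-Control"] = "no-cache, no-store, must-revalidate"
        return response
    return wrapper

@login_required_no_cache
def invoice_view(request):
    return Response("Invoice #42 (constructed sample content)")

def cache_directives(response):
    """Return the Cache-Control directives of a response as a set, for checking."""
    return {d.strip() for d in response["Cache-Control"].split(",")}
```

After logging out, pressing Back now makes Chrome re-request the page, and the server answers with the login redirect.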