We have installed yawebmail, one problem we noted is that after logout if back button is clicked it displays the mail listing. although we cannot read the mail(since session expired) this is not secure in shared computers. please let us know if any workaround to this problem.
we tried to solve this problem by making the pages non-caching using HTTP headers, but this caused another serious problem i.e after login if we click back button(when in mailsListing page) then the login data (userid,password) is posted again and session is activated...this can be dangerous. but from other pages(displayMail.jsp etc) then this problem does not arise.
please suggest how to solve this problem.
well, indeed this is an issue.
There are many ideas on the web how to "disable" the backbutton:
A pragmatical way to solve the problem is to clear the cache and close the browser after using yawebmail. Generally an advisable procedure if you use webapplications on a shared computer.