This is what I have tried from Python/tornadoweb:
self.set_header("Cache-Control","no-cache, must-revalidate, max-age=0")
self.set_header("Expires","Mon, 26 Jul 1997 05:00:00 GMT")
This is what I see from firebug when I first load the page:
Cache-Control no-cache, must-revalidate, max-age=0
Content-Length 1715
Content-Type text/html; charset=UTF-8
Etag "e55dc7115d80aa09b470510ababb3515706f4a61"
Expires Mon, 26 Jul 1997 05:00:00 GMT
Server TornadoServer/2.3
Set-Cookie xsfr=5b7f3cf86c2e4537acd1bb1749484a5b; Path=/
And yet, when I press BACK button to go back to the original URL, I get a cached version of the page! The page is not re-fetched from the server. The result is that it contains invalid hidden form values. No matter how the user fills in the form, it cannot be processed.
The problem can be reproduced on firefox and chrome, but not from internet explorer.
So, how to force firefox and chrome to disable the cache and reload the page whenever the back button is pressed?
I don't know if you solved this issue or not, but I faced the same issue last night. This answer helped me to some extent. I solved it by setting the header and clearing the user cookie.
Here's a gist of what I did :
Now the SignOut handler :
"user" is the name of the cookie set.