I have seen a hell of a lot of posts, here and in other places, asking
about 'disabling' the back button on the user's browser.
Sometimes, this is related to preventing duplicate form submissions;
often, it is related to preventing casual passers-by from peeking at
possibly confidential information displayed on a previous screen, etc
There are definitive answers to this:
1. Possible duplicate submission issues HAVE to be handled server-side.
There is simply no alternative.
2. Any scripted wiping of data from a form or table prior to unload can be
to expose this security hole him/herself begs question !)
3. Revisits to pages associated with LOGIN and LOGOUT can, and must, be
dealt with by suitable server-side logic and prudent session management.
If a user is supposed to be logged OUT, the he/she cannot be permitted to
enter a process, mid-job, by sending a previous page in the browser history.
If the user is still logged IN, the issue of their duplicating a task which they
have already completed is, once again, a matter for session control logic.
These things are usually only a matter of a series of YES/NO boolean flags
in data files on the server, and should not be causing migraines to any
web developer, IMHO.