Stealing Passwords via Browser Refresh


The browser’s back and refresh features can be used to steal passwords from
insecurely written applications.

Browsers maintain a record of the pages a user has recently visited. The Back
and Forward buttons use this record to display recently browsed pages. In
addition, browsers keep track of the variables that were POSTed to the server
when the page was fetched.

Problem if you code like this


1. Redirect
2. Clear Browser Cache [safer case]
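
An added example (not from the original page) applying the two items above to a login handler: the first handler renders its result directly in response to the credential POST, the second answers with a redirect and marks its responses `no-store`. The WSGI framing, the paths, the demo credential and all function names are assumptions, and session handling is omitted.

```python
# Added example: minimal WSGI login handlers. Paths, the demo credential and
# all names are assumptions for illustration; session handling is omitted.
import hmac
import io
from urllib.parse import parse_qs

NO_STORE = [("Cache-Control", "no-store"), ("Pragma", "no-cache")]
DEMO_USER, DEMO_PASSWORD = "alice", "constructed-demo-password"  # constructed

def _credentials_ok(environ):
    size = int(environ.get("CONTENT_LENGTH") or 0)
    form = parse_qs(environ["wsgi.input"].read(size).decode())
    user = form.get("user", [""])[0]
    password = form.get("password", [""])[0]
    return (hmac.compare_digest(user.encode(), DEMO_USER.encode())
            & hmac.compare_digest(password.encode(), DEMO_PASSWORD.encode()))

def vulnerable_app(environ, start_response):
    """Renders the result page as the direct response to the credential POST,
    so Refresh on that page makes the browser offer to re-send the form."""
    if environ["REQUEST_METHOD"] == "POST" and environ["PATH_INFO"] == "/login":
        ok = _credentials_ok(environ)
        start_response("200 OK", [("Content-Type", "text/plain")])
        return [b"Welcome" if ok else b"Login failed"]
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [b"Login form"]

def hardened_app(environ, start_response):
    """Answers the POST with a 303 redirect, so the page the user lands on was
    fetched with GET, and marks every response no-store."""
    if environ["REQUEST_METHOD"] == "POST" and environ["PATH_INFO"] == "/login":
        target = "/home" if _credentials_ok(environ) else "/login?failed=1"
        start_response("303 See Other", [("Location", target)] + NO_STORE)
        return [b""]
    start_response("200 OK", [("Content-Type", "text/plain")] + NO_STORE)
    return [b"Home" if environ["PATH_INFO"] == "/home" else b"Login form"]

def call(app, method, path, body=b""):
    """Drive a WSGI app in-process and return (status, headers dict, body)."""
    seen = {}
    environ = {"REQUEST_METHOD": method, "PATH_INFO": path,
               "CONTENT_LENGTH": str(len(body)), "wsgi.input": io.BytesIO(body)}
    def start_response(status, headers):
        seen["status"], seen["headers"] = status, dict(headers)
    out = b"".join(app(environ, start_response))
    return seen["status"], seen["headers"], out
```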