I have intermittently experienced an issue with several of my drupal sites in which after logging out of the site the content still appears as if I were logged in. Pages would still appear editable, blocks that should only be seen by authenticated users could still be seen. A fix (that is in the works) can be found here: http://drupal.org/node/197786#comment-1218604
You must patch core to fix it - but it worked for me in Drupal 6 and is reported to work in Drupal 5. Locate this chunk in the "bootstrap.inc" file:
<?php
/**
* Set HTTP headers in preparation for a page response.
*
* Authenticated users are always given a 'no-cache' header, and will
* fetch a fresh page on every request. This prevents authenticated
* users seeing locally cached pages that show them as logged out.
*
* @see page_set_cache()
*/
function drupal_page_header() {
header("Expires: Sun, 19 Nov 1978 05:00:00 GMT");
header("Last-Modified: ". gmdate("D, d M Y H:i:s") ." GMT");
header("Cache-Control: store, no-cache, must-revalidate");
header("Cache-Control: post-check=0, pre-check=0", FALSE);
}
?>Change this:
<?php
header("Cache-Control: store, no-cache, must-revalidate");
header("Cache-Control: post-check=0, pre-check=0", FALSE);
?>To this:
<?php
header("Cache-Control: no-store, no-cache, must-revalidate");
header("Cache-Control: post-check=0, pre-check=0", FALSE);
?>The only change is the "store" to "no-store". Thanks to @mithy in the drupal forums for tracking a solution down. You can read more on this issue here:
http://www.sriramkrishnan.com/blog/2007/06/firefox-and-ie-deal-with-no-c...