I have a site that requires user registration, built in ASP. It's not on a secure server or anything; the information kept there is not anything special, just names and email addresses of students so that they can log in.
A lot of the students are using public computers to access this site. I have it set up so that the pages do not cache, so that if the session is logged out, you can't just go back into the pages under someone else's name. However, I just discovered tonight (and I don't know why this didn't occur to me before) that if you go all the way back to the login page and hit refresh, it resends the login information and you're in the account of whoever was there before you.
What can I do about this? Is there a way to prevent it from resending that password? I had assumed that a password field would not be able to resend anyway, without retyping it, but apparently I'm wrong.