Site: Moodle 3.11.2 (Build: 20210729)
Theme: Academi
We are attempting a security certification. One thing I can't figure out is one security flag. When a user clicks the logout button they are logged out. If they have other tabs open, certain pages auto redirect to the login page (Dashboard). Other pages (Content bank, Private Files, Calendar) just stay open. Also we are dinged because a user can hit the back button after logout and the previous user's profile page will display the person's identifiable information. If I refresh the page it redirects correctly to the login page.
Re-create:
- Go to homepage and login
- Go to user's profile page
- Logout
- Back button to reveal the user's name and email address