During the login process for an application I am working on, there is a POST form submitting the username and password. After the login has been processed, the URL is being cleaned by calling location.replace() to remove the post page from the browser history.
This means if the user hits F5 after logging in, it just reloads the default page, instead of trying to resubmit the login credentials. But I'm having a problem in IE, when developer tools is NOT open, the replace doesn't work properly.
By opening developer tools and starting a network trace, and then closing it again, I can see the problem. The URL for the location.replace() appears in the trace, with status showing as '304 Not Modified' and an expires time 1 day in the future. I can see from Apache logs that the request didn't go to the server, and also the page is always output with appropriate headers to disable caching.
It works fine in other browsers, and in IE if developer tools is open at the time (!) but I can't figure out how to stop caching in IE, other than by uglifying the URL.
For info I created this problem whilst trying to get rid of an ugly ?c=1405502309 parameter that was on the end of the URL, and I know I can fix it by putting that back! But what I really want is to not have to, and just have IE obey the no-cache headers.
