It is possible to view the contents of authenticated page from Back button of the browser.
Severity Rating (H/M/L)
Short Term – The back button of the browser should be disabled for all authenticated pages. Otherwise, the user may lose track and a malicious user can get access to his session simply by clicking on the back button of the browser.
Long Term – Necessary controls in an application should be identified using Threat modeling to ensure that the application is protected against common types of attacks based on the threats it faces
EXAMPLE 2 - FINDING UNDER AN APPLICATION SECURITY AUDIT www.sil.mu