Index: FormAuthenticator.java
===================================================================
--- FormAuthenticator.java	(revision 588480)
+++ FormAuthenticator.java	(working copy)
@@ -313,6 +313,8 @@
             context.getServletContext().getRequestDispatcher
             (config.getLoginPage());
         try {
+            // Disallow caching the login page as the actual page. BZ 43687
+            response.addHeader("Cache-Control", "no-store");
             disp.forward(request.getRequest(), response.getResponse());
             response.finishResponse();
         } catch (Throwable t) {
@@ -334,6 +336,8 @@
             context.getServletContext().getRequestDispatcher
             (config.getErrorPage());
         try {
+            // Disallow caching the error page as the actual page. BZ 43687
+            response.addHeader("Cache-Control", "no-store");
             disp.forward(request.getRequest(), response.getResponse());
         } catch (Throwable t) {
             log.warn("Unexpected error forwarding to error page", t);