A fix has been implemented for surgemail version 7.1f-46. Latest 
specials builds available as per:
      http://netwinsite.com/surgeweb/help/updates.htm
      ftp://netwinsite.com/pub/surgemail/specials/

You need a full upgrade including surgemail binary and surgeweb 
templates, combined with the surgeweb config_dat setting of:
      login_nohistory_enable true

Let me know if you try it and it does / does not work for you, 
particularly if you have an unusual / multiserver etc login 
configuration.

Marijn


On Friday 08/04/2016 at 12:33 pm, Surgemail Support (Marijn)  wrote:
>
> I have just tested this and can confirm for going "back in the browse 
> history", both safari on osx and ios just resubmit the login form 
> again with the typed username and password and thus you get a new 
> logged in session to surgeweb.
>
> This does not happen under chrome or FF.
>
> I'll do some investigation to see if I can setup any caching pragmas 
> etc on the surgeweb login page to tell safari not too be "overly 
> clever".
>
> Marijn
>
>
> On Friday 08/04/2016 at 8:34 am, surgemailHIDDEN@etwinsite.com wrote:
>>
>> I have a customer complaining that users with Safari on a MAC or  
>> Iphone are able to logout of Surgeweb and hit the back button and get  
>> logged back in without being challenged for a user id & password.
>>
>> I have no access to a MAC or Iphone to fully test this.  Any ideas?
>>
>> Lyle Giese
>> LCR Computer Services, Inc.
>>
>
>
>
>