Auth DB login form default cache directives allows browser to locally store sensitive data. This can be an issue on environments using shared computer resources.
Upgrade flask-appbuilder to version 4.5.1
If upgrading is not possible configure your web server to send the following HTTP headers for /login: "Cache-Control": "no-store, no-cache, must-revalidate, max-age=0" "Pragma": "no-cache" "Expires": "0"