Don't cache AuthenticationController calls including GetRemainingTimeoutSeconds (fix for 11011)

src/Umbraco.Web/Editors/AuthenticationController.cs

@@ -17,7 +17,6 @@ using Umbraco.Core.Models.Identity;
 using Umbraco.Core.Services;
 using Umbraco.Web.Models;
 using Umbraco.Web.Models.ContentEditing;
-using Umbraco.Web.Mvc;
 using Umbraco.Web.Security;
 using Umbraco.Web.WebApi;
 using Umbraco.Web.WebApi.Filters;
@@ -34,10 +33,11 @@ namespace Umbraco.Web.Editors
     /// <summary>
     /// The API controller used for editing content
     /// </summary>
-    [PluginController("UmbracoApi")]
+    [Mvc.PluginController("UmbracoApi")]
     [ValidationFilter]
     [AngularJsonOnlyConfiguration]
     [IsBackOffice]
+    [DisableBrowserCache]
     public class AuthenticationController : UmbracoApiController
     {
         private BackOfficeUserManager<BackOfficeIdentityUser> _userManager;

src/Umbraco.Web/Security/GetUserSecondsMiddleWare.cs

@@ -62,7 +62,7 @@ namespace Umbraco.Web.Security
 
                         response.ContentType = "application/json; charset=utf-8";
                         response.StatusCode = 200;
-                        response.Headers.Add("Cache-Control", new[] { "no-cache" });
+                        response.Headers.Add("Cache-Control", new[] { "no-store", "must-revalidate", "no-cache", "max-age=0" });
                         response.Headers.Add("Pragma", new[] { "no-cache" });
                         response.Headers.Add("Expires", new[] { "-1" });
                         response.Headers.Add("Date", new[] { _authOptions.SystemClock.UtcNow.ToString("R") });