After configuring a simple LR and CAS deployment without Ldap, I've noticed that on logout via CAS when I revisit the LR site the last logged in users dockbar is visible; though I'm definitely not logged in. Clicking any applications within the dockbar fails with a permissions error.

Is this a browser caching issue? Note that I did not close the browser session (as advised by the CAS logout) when logging out.

I've noticed this. However, it's not unique to Liferay necessarily. Our Moodle server does this, too. I think it's just that using the back button doesn't totally refresh the page, but instead pulls it from memory. It shouldn't be too big of a security risk since it asks to re-authenticate or fails with a permissions issue. That's why CAS does say to close the browser for maximum security.