高朗大猩猩会话-缓存阻止注销功能 [英] Golang & Gorilla Sessions - Cache Prevents Logout Functionality
问题描述
我已经构建了一个使用Go Gorilla会话包的应用程序.一切似乎都很好,除非在我注销时实现
I've built an application that uses the Go Gorilla sessions package. Everything seems fine, except when on logout I implement
func logout(w http.ResponseWriter, r *http.Request) {
session, _ := store.Get(r, "authsesh")
session.Values["access"] = "denied"
session.Save(r, w)
http.Redirect(w, r, "/", 302)
return
}
由于需要身份验证的页面已由浏览器缓存,因此注销后仍可以访问该页面.我该如何解决?有没有一种方法可以防止浏览器缓存页面?Cookie没什么问题,如果我清除缓存并保留Cookie,则可以看到注销已达到预期的效果.
Because the page requiring authentication is cached by the browser, it can still be accessed after logout. How can I get around that? Is there a way to prevent the browser from caching the page? There's nothing wrong with the cookie, if I clear the cache and keep the cookie I can see the logout has had the desired effect.
推荐答案
在处理程序中设置正确的缓存头:
Set the correct cache headers in your handler(s):
w.Header().Set("Cache-Control", "no-cache, private, max-age=0")
w.Header().Set("Expires", time.Unix(0, 0).Format(http.TimeFormat))
w.Header().Set("Pragma", "no-cache")
w.Header().Set("X-Accel-Expires", "0")
请注意,我们设置了多个标头来说明代理和HTTP/1.0客户端.
Note that we set multiple headers to account for proxies and HTTP/1.0 clients.
您可以将它们包装到也可以应用的中间件中:
You can wrap these into middleware you can apply as well:
func NoCache(h http.Handler) http.Handler) {
fn := func(w http.ResponseWriter, r *http.Request) {
// Set the headers
}
return http.HandlerFunc(fn)
}
// In your router
http.Handle("/user-dashboard", NoCache(http.HandlerFunc(YourDashboardHandler))
这篇关于高朗大猩猩会话-缓存阻止注销功能的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!