Golang & Gorilla Sessions - Cache Prevents Logout Functionality


Question

I've built an application that uses the Go Gorilla sessions package. Everything seems fine, except when on logout I implement

func logout(w http.ResponseWriter, r *http.Request) {
  session, _ := store.Get(r, "authsesh")
  session.Values["access"] = "denied"
  session.Save(r, w)
  http.Redirect(w, r, "/", 302)
  return
}

Because the page requiring authentication is cached by the browser, it can still be accessed after logout. How can I get around that? Is there a way to prevent the browser from caching the page? There's nothing wrong with the cookie; if I clear the cache and keep the cookie, I can see the logout has had the desired effect.

Recommended answer

Set the correct cache headers in your handler(s):

w.Header().Set("Cache-Control", "no-cache, private, max-age=0")
w.Header().Set("Expires", time.Unix(0, 0).UTC().Format(http.TimeFormat)) // http.TimeFormat requires a UTC time
w.Header().Set("Pragma", "no-cache")
w.Header().Set("X-Accel-Expires", "0")

Note that we set multiple headers to account for proxies and HTTP/1.0 clients.

You can wrap these into middleware you can apply as well:

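func NoCache(h http.Handler) http.Handler {
    fn := func(w http.ResponseWriter, r *http.Request) {
        // Set the headers
        w.Header().Set("Cache-Control", "no-cache, private, max-age=0")
        w.Header().Set("Expires", time.Unix(0, 0).UTC().Format(http.TimeFormat))
        w.Header().Set("Pragma", "no-cache")
        w.Header().Set("X-Accel-Expires", "0")

        // Pass the request on to the wrapped handler
        h.ServeHTTP(w, r)
    }

    return http.HandlerFunc(fn)
}

// In your router
http.Handle("/user-dashboard", NoCache(http.HandlerFunc(YourDashboardHandler)))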
