How to clear browser cache after user logout to prevent access to private info via 'Back' button

Problem description

After a user logs out, if they hit the back button, they can go back to the last page they were on before logging out.

The app I am working on will often be used on a public computer (library or computer lab, for example) and I'd like to prevent users from being able to see anything from previous user sessions.

I'm on Rails 3 and Devise, btw, although it seems that this issue would come up with any framework or login mechanism.

Is the solution to use headers/meta-tags to disable browser-caching? Anybody know of a gem or tutorial that addresses this issue?

Looking forward to your suggestions.

Recommended answer

Use the below code in the application controller. It works for me. Hope this will help you. Thank you!!

Code

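class ApplicationController < ActionController::Base
  # Runs before every action (Rails 3 API; Rails 4+ names it before_action).
  before_filter :set_cache_buster

  private

  def set_cache_buster
    # HTTP/1.1: never store the response; revalidate before any reuse.
    response.headers["Cache-Control"] = "no-cache, no-store, max-age=0, must-revalidate"
    # HTTP/1.0 fallbacks for older browsers and proxies.
    response.headers["Pragma"] = "no-cache"
    response.headers["Expires"] = "Fri, 01 Jan 1990 00:00:00 GMT"
  end
end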
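
The same headers can also be set below the controller layer, where they cover responses that never reach a Rails action. The following is an added example, not part of the original answer: a Rack middleware plus a helper for asserting the directive in tests, where the names NoStoreHeaders, skip_prefixes and no_store? and the sample app are assumptions.

```ruby
# Added example: Rack middleware applying the answer's headers to every response.
# NoStoreHeaders, skip_prefixes and no_store? are hypothetical names.
class NoStoreHeaders
  # Lowercase names: equivalent in HTTP, and required for response headers by Rack 3.
  HEADERS = {
    "cache-control" => "no-cache, no-store, max-age=0, must-revalidate",
    "pragma"        => "no-cache",
    "expires"       => "Fri, 01 Jan 1990 00:00:00 GMT"
  }.freeze

  # skip_prefixes: paths that hold only public files (assumption; empty by default).
  def initialize(app, skip_prefixes: [])
    @app = app
    @skip_prefixes = skip_prefixes
  end

  def call(env)
    status, headers, body = @app.call(env)
    path = env["PATH_INFO"].to_s
    return [status, headers, body] if @skip_prefixes.any? { |p| path.start_with?(p) }

    # Header names are case-insensitive: drop any variant the app already set,
    # otherwise a "Cache-Control: public" from the app would survive next to ours.
    headers = headers.reject { |name, _| HEADERS.keys.any? { |h| h.casecmp?(name) } }
    [status, headers.merge(HEADERS), body]
  end
end

# True when the response carries the no-store directive (for use in tests).
def no_store?(headers)
  value = headers.find { |name, _| name.casecmp?("cache-control") }&.last.to_s
  value.split(",").map { |d| d.strip.downcase.split("=").first }.include?("no-store")
end

if __FILE__ == $PROGRAM_NAME
  # Constructed stand-in for the application: it marks its page publicly cacheable.
  app = ->(_env) { [200, { "Cache-Control" => "public, max-age=3600" }, ["account page"]] }
  stack = NoStoreHeaders.new(app, skip_prefixes: ["/assets/"])
  ["/account", "/assets/app.css"].each do |path|
    _, headers, _ = stack.call("PATH_INFO" => path)
    puts "#{path}: no-store=#{no_store?(headers)} #{headers.inspect}"
  end
end
```

In a Rails application the middleware would be registered with `config.middleware.use NoStoreHeaders` in `config/application.rb`.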
