在Laravel 5中注销后防止浏览器的后退按钮登录 [英] Prevent Browser's Back Button Login After Logout in Laravel 5

问题描述

我是Laravel 5的新手，正在尝试制作一个简单的身份验证页面.我的问题是，单击注销链接后，我可以正确注销，但是如果单击浏览器的后退按钮，仍然能够看到页面的内容，对于我的身份验证中间件过程，实际上不应该看到该页面的内容.我读到我可以通过禁用缓存来防止这种情况，但我认为这不是最好的方法，那么我怎样才能更好地做到这一点呢?简而言之，我的登出路线是

I am new to Laravel 5 and trying to make a simple authentication page. My problem is i can logout properly after i click to logout link but if i click to back button of the browser, still able to see the content of the page which actually should not be seen with respect to my auth middleware process. I read i can prevent this by disabling caching but don't think it is the best way to do this so how can i make this in a better way ? Simply my logout route is

Route::get('logout', array('uses' => 'LoginController@logout'));

注销功能是:

public function logout() {
        Auth::logout(); // logout user
        Session::flush();
        Redirect::back();
        return Redirect::to('pages/login'); //redirect back to login
}

推荐答案

当用户单击后退"按钮时，他们实际上未登录，只是浏览器呈现了它的内容从先前的网页浏览中缓存.用户无法进行导航或与需要他们登录的任何内容进行交互，因为在服务器上您的应用程序未通过身份验证.

When the user clicks the back button they're not actually logged in, its just the browser rendering what it has cached from previous page views. The user won't be able to navigate or interact with anything that requires them to be logged in because, to your application on the server, they're not authenticated.

当用户单击后退按钮时，您无法控制它，因为它不会向服务器发出请求.

When the user clicks the back button you have no control over that as it doesn't make a request to the server.

使用后退按钮，他们将只能查看登录时已经访问的内容.如果他们尝试访问任何新内容，则将向您的应用程序(中间件)提出新请求将会触发并将他们重定向到登录页面.

Using the back button, the only content they'll be able to view is that what they have already visited whilst logged in. If they try to access anything new, they'll make a new request to your application, your middleware will trigger and redirect them to the login page.

我想如果您真的想停止这种行为，则可以使用一些JavaScript之类的方法来发送ajax请求并检查用户是否以这种方式登录，但是从安全角度来看却毫无用处.

I guess if you really wanted to stop this behavior you could use some JavaScript and such to send an ajax request and check if the user is logged in that way, but quite useless from a security point of view.

这篇关于在Laravel 5中注销后防止浏览器的后退按钮登录的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！