Node.js和Express会话处理-后退按钮问题 [英] Node.js and Express session handling - Back button problem

问题描述

我的Express应用程序中有一个受限制的区域"/dashboard".我使用一个非常小的函数来限制访问:

I have a restricted area '/dashboard' in my Express application. I use a very small function to limit the access:

app.get('/dashboard', loadUser, function(req, res){
  res.render('dashboard', {
    username: req.session.username
  });
});

function loadUser(req, res, next){
  if (req.session.auth) {
    next();
  } else {
    res.redirect('/login');
  }
};

问题是当我通过调用...注销用户时...

The problem is that when I logout a user by calling...

app.get('/logout', function(req, res){
  if (req.session) {
    req.session.auth = null;
    res.clearCookie('auth');
    req.session.destroy(function() {});
  }
  res.redirect('/login');
});

...该会话被终止，但是当我在浏览器中单击后退"按钮时，我从浏览器的缓存中获取了受限制的页面.这意味着'/dashboard'上没有GET，也没有用户登录验证.

... the session is killed but when I hit Back Button in my browser I got the restricted page from browser's cache. This means no GET on '/dashboard' and no user login validation.

我尝试在meta(玉模板)中使用无缓存，但仍然无法正常工作.

I tried using no-cache in meta (Jade Template) but it still doesn't work.

meta(http-equiv='Cache-Control', content='no-store, no-cache, must-revalidate')
meta(http-equiv='Pragma', content='no-cache')
meta(http-equiv='Expires', content='-1')

有人吗?

推荐答案

Josh的回答对我不起作用. 但是经过一番搜索，我发现了这个 问题:什么是最好的方法处理缓存和浏览器后退按钮?

Josh's answer sadly didn't work for me. But after some searching I found this question: What's the best way to deal with cache and the browser back button?

并采用了该node.js/express问题的答案. 您只需要更改以下行

and adopted the answer there to this node.js/express problem. You just have to change the following line

res.header('Cache-Control', 'no-cache');

到

res.header('Cache-Control', 'no-cache, private, no-store, must-revalidate, max-stale=0, post-check=0, pre-check=0');

现在，每次我使用浏览器后退按钮时，页面将被重新加载而不被缓存.

Now, everytime I use the browser back button, the page is reloaded and not cached.

* Express v4.x的更新*

// caching disabled for every route
server.use(function(req, res, next) {
  res.set('Cache-Control', 'no-cache, private, no-store, must-revalidate, max-stale=0, post-check=0, pre-check=0');
  next();
});

// otherwise put the res.set() call into the route-handler you want

这篇关于Node.js和Express会话处理-后退按钮问题的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！