在 Laravel 5 中注销后防止浏览器的后退按钮登录 [英] Prevent Browser's Back Button Login After Logout in Laravel 5

查看:24
本文介绍了在 Laravel 5 中注销后防止浏览器的后退按钮登录的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

我是 Laravel 5 的新手,正在尝试制作一个简单的身份验证页面.我的问题是我可以在单击注销链接后正确注销,但是如果我单击浏览器的后退按钮,仍然能够看到页面的内容,而对于我的身份验证中间件过程,实际上不应该看到这些内容.我读到我可以通过禁用缓存来防止这种情况发生,但不认为这是最好的方法,所以我怎样才能以更好的方式做到这一点?只是我的注销路线是

I am new to Laravel 5 and trying to make a simple authentication page. My problem is i can logout properly after i click to logout link but if i click to back button of the browser, still able to see the content of the page which actually should not be seen with respect to my auth middleware process. I read i can prevent this by disabling caching but don't think it is the best way to do this so how can i make this in a better way ? Simply my logout route is

Route::get('logout', array('uses' => 'LoginController@logout'));

注销功能是:

public function logout() {
        Auth::logout(); // logout user
        Session::flush();
        Redirect::back();
        return Redirect::to('pages/login'); //redirect back to login
}

推荐答案

当用户点击后退按钮时,他们没有实际登录,它只是浏览器呈现它所拥有的缓存从以前的页面视图.用户将无法浏览任何需要他们登录的内容或与之交互,因为对于服务器上的应用程序,他们没有经过身份验证.

When the user clicks the back button they're not actually logged in, its just the browser rendering what it has cached from previous page views. The user won't be able to navigate or interact with anything that requires them to be logged in because, to your application on the server, they're not authenticated.

当用户点击返回按钮时,您无法控制它,因为它不会向服务器发出请求.

When the user clicks the back button you have no control over that as it doesn't make a request to the server.

使用后退按钮,他们唯一能够查看的内容是他们在登录时已经访问过的内容.如果他们尝试访问任何新内容,他们会向您的应用程序、您的中间件发出新请求将触发并将它们重定向到登录页面.

Using the back button, the only content they'll be able to view is that what they have already visited whilst logged in. If they try to access anything new, they'll make a new request to your application, your middleware will trigger and redirect them to the login page.

我想如果你真的想阻止这种行为,你可以使用一些 JavaScript 等来发送一个 ajax 请求并检查用户是否以这种方式登录,但从安全的角度来看毫无用处.

I guess if you really wanted to stop this behavior you could use some JavaScript and such to send an ajax request and check if the user is logged in that way, but quite useless from a security point of view.

这篇关于在 Laravel 5 中注销后防止浏览器的后退按钮登录的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!

查看全文
登录 关闭
扫码关注1秒登录
发送“验证码”获取 | 15天全站免登陆