How to clear browser cache after user logout to prevent access to private info via 'Back' button
Problem description
After a user logs out, if they hit the back button, they can go back to the last page they were on before logging out.
The app I am working on will often be used on a public computer (library or computer lab, for example) and I'd like to prevent users from being able to see anything from previous user sessions.
I'm on Rails 3 and Devise, btw, although it seems that this issue would come up with any framework or login mechanism.
Is the solution to use headers/meta-tags to disable browser-caching? Anybody know of a gem or tutorial that addresses this issue?
Looking forward to your suggestions.
Recommended answer
Use the code below in the application controller. It works for me. Hope this will help you. Thank you!!
Code
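# Run before every action handled by controllers inheriting from this one
before_filter :set_cache_buster

def set_cache_buster
  # Tell the browser not to store the response and to revalidate it
  response.headers["Cache-Control"] = "no-cache, no-store, max-age=0, must-revalidate"
  # Equivalent hint for HTTP/1.0 clients
  response.headers["Pragma"] = "no-cache"
  # A date in the past marks the response as already expired
  response.headers["Expires"] = "Fri, 01 Jan 1990 00:00:00 GMT"
end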
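The same headers applied one layer down, as an added example that is not part of the original answer: a Rack-style middleware that marks every response non-storable except paths listed as public, plus a small check for use in tests. The class name, the `/assets/` prefix, `storable?` and `SAMPLE_APP` are assumptions made for illustration.

```ruby
# Added example (not from the original answer). Plain Ruby, no gems required.
class NoStoreForPrivatePages
  # Header values taken from the answer above.
  HEADERS = {
    "Cache-Control" => "no-cache, no-store, max-age=0, must-revalidate",
    "Pragma"        => "no-cache",
    "Expires"       => "Fri, 01 Jan 1990 00:00:00 GMT"
  }.freeze

  # public_prefixes: paths assumed to carry no user data; everything else
  # is treated as private, so a forgotten route fails closed.
  def initialize(app, public_prefixes: ["/assets/"])
    @app = app
    @public_prefixes = public_prefixes
  end

  def call(env)
    status, headers, body = @app.call(env)
    return [status, headers, body] if public_path?(env["PATH_INFO"].to_s)

    # Drop caching headers set downstream, whatever their casing, so a
    # stray "cache-control: max-age=600" cannot survive next to ours.
    cleaned = headers.reject { |k, _| HEADERS.keys.any? { |h| h.casecmp?(k) } }
    [status, cleaned.merge(HEADERS), body]
  end

  private

  def public_path?(path)
    @public_prefixes.any? { |prefix| path.start_with?(prefix) }
  end
end

# Check for tests: true when the headers still allow the browser to store the page.
def storable?(headers)
  value = headers.find { |k, _| k.casecmp?("Cache-Control") }&.last.to_s
  !value.downcase.split(",").map(&:strip).include?("no-store")
end

# Constructed stand-in for the Rails app: it returns a cacheable page.
SAMPLE_APP = lambda do |_env|
  [200, { "Content-Type" => "text/html", "cache-control" => "private, max-age=600" }, ["page"]]
end
```

In a Rails application a middleware like this is registered with `config.middleware.use NoStoreForPrivatePages`.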