Avoid going back after logout


Question

I found these questions, where the OP has the same problem as me.

1 2

However, I can't solve my problem. The user presses the logout button, then the page is redirected to index.php, but the back button in the browser redirects the page to the previous content (protected by login).

After a refresh, all works well, the back button stops working -> the user is redirected to the login form.

PHP file

<?php
header ("Expires: Mon, 26 Jul 1997 05:00:00 GMT");    // Date in the past
header ("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT");
header ("Cache-Control: no-cache, must-revalidate");  // HTTP/1.1
header ("Pragma: no-cache");

if(empty($_COOKIE['first_name'])) {
    header("Location:index.php");
    exit();
}

if(isset($_GET['logout'])) {
    setcookie ("first_name", "", time() - 3600);
    unset($_COOKIE);
    header("Location:index.php");
    exit();
}

?>

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html> 
<head>   
<META HTTP-EQUIV="CACHE-CONTROL" CONTENT="NO-CACHE">
</head>
<body>

    <a href="?logout">logout</a>

</body>
</html>


Recommended answer

Even though the user can press the back button and see the previous page which was protected by login, that doesn't mean the user is logged in again. They can't do anything - it is just a static copy of a page they previously viewed.

It is normal behaviour that the user can press the back button and see previous pages, and sites should not attempt to break this. It is a browser feature.

In most circumstances, it is safe to allow the back button to operate normally even while a user is logged in. Breaking the back button while a user is logged in would have bad usability consequences for the user. In order to prevent a user returning to a page after logging out, you'd have to make sure all pages they view while logged in cannot be returned to with the back button, which breaks the back button for their entire session.

There are methods you can use to try and disable the back button for logged-in sessions, such as by declaring a page to be uncacheable (and unstorable). These may or may not offer varying degrees of protection against back button use. There are plenty of other questions on Stack Overflow about disabling the back button - if you want to ignore advice and try to prevent it, please check it out.
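
The "uncacheable (and unstorable)" declaration mentioned in the answer, as an added example that is not part of the original question or answer. The question's headers send `no-cache, must-revalidate` but not `no-store`; this sketch adds it and pairs it with a server-side check. It assumes login state lives in a PHP session under the hypothetical key `user_id`, set by a login page not shown.

```php
<?php
// Added example (not the asker's code). Assumes login state is kept in a PHP
// session under the hypothetical key 'user_id', set by a login page not shown.

/** Mark the response as neither cacheable nor storable. */
function send_no_store_headers(): void
{
    // no-store: no cache may keep a copy (the "unstorable" part).
    // no-cache, must-revalidate: ask the server again before any reuse.
    header('Cache-Control: no-store, no-cache, must-revalidate, max-age=0');
    header('Pragma: no-cache'); // HTTP/1.0 caches
    header('Expires: 0');       // invalid date, treated as already expired
}

/** Destroy the server-side session and expire its cookie. */
function end_session(): void
{
    $_SESSION = [];
    if (ini_get('session.use_cookies')) {
        $p = session_get_cookie_params();
        setcookie(session_name(), '', time() - 3600,
            $p['path'], $p['domain'], $p['secure'], $p['httponly']);
    }
    session_destroy();
}

session_start();
send_no_store_headers(); // on every login-protected page, before any output

if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['logout'])) {
    end_session();
    header('Location: index.php', true, 303);
    exit();
}

if (empty($_SESSION['user_id'])) {
    // Any refetch after logout lands here, whatever the browser kept.
    header('Location: index.php');
    exit();
}
?>
<!DOCTYPE html>
<html>
<head><title>Protected page</title></head>
<body>
    <form method="post"><button name="logout" value="1">logout</button></form>
</body>
</html>
```

Whether the back button refetches the page or shows a stored copy remains the browser's decision, as the answer says; the session check is what redirects a logged-out user on any request that does reach the server.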
