laravel 注销后如何防止浏览器的后退按钮登录
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/31334306/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
How I Prevent Browser's Back Button Login After Logout
提问by Diksha
My problem is i can logout properly after i click to logout link but if i click to back button of the browser, still able to see the content of the page which actually should not be seen with respect to my auth middleware process. I read i can prevent this by disabling caching but don't think it is the best way to do this so how can i make this in a better way ?MY Logout Function is
我的问题是我可以在单击注销链接后正确注销,但是如果我单击浏览器的后退按钮,仍然能够看到页面的内容,而对于我的身份验证中间件过程,实际上不应该看到这些内容。我读到我可以通过禁用缓存来防止这种情况,但不认为这是最好的方法,所以我怎样才能以更好的方式做到这一点?我的注销功能是
public function logout()
{
Auth::logout();
Session::flush();
return redirect('login');
}
My Route Is:
我的路线是:
Route::get('logout','Homecontroller@logout');
Thanx In advance
提前谢谢
回答by user2479930
This problem is with the browser. The browser caches the content of the page and serves that cached content to the user when you are hitting the back button.
这个问题与浏览器有关。浏览器缓存页面的内容,并在您点击后退按钮时将缓存的内容提供给用户。
Set up cache-control meta tags on the pages that requires that a user is logged in. That way you are telling the browser not to cache it.
在需要用户登录的页面上设置缓存控制元标记。这样你就告诉浏览器不要缓存它。
E.g:
例如:
<meta http-equiv="cache-control" content="private, max-age=0, no-cache">
<meta http-equiv="pragma" content="no-cache">
<meta http-equiv="expires" content="0">
回答by serdar.sanri
Use a simple AJAX request on top of your page (something like a ping service), set cache false and put some clause in it to redirect visitor to login if not authenticated.
在页面顶部使用一个简单的 AJAX 请求(类似于 ping 服务),将缓存设置为 false 并在其中放置一些子句以重定向访问者以在未通过身份验证的情况下登录。
So after logout, if you try to go back even if the main page is cached by the browser it will still try to load AJAX request back on page load. And since user authentication is not valid anymore it will redirect the user back to the login page.
因此,注销后,如果您尝试返回,即使浏览器缓存了主页,它仍会尝试在页面加载时重新加载 AJAX 请求。由于用户身份验证不再有效,它会将用户重定向回登录页面。
回答by Mr.Gandhi
Add this javascript code, it will prevent redirect.
添加此 javascript 代码,它将阻止重定向。
history.pushState(null, null, document.URL);
window.addEventListener('popstate', function () {
history.pushState(null, null, document.URL);
});
回答by Rohit Dhiman
This javascript code worked for me:
这个javascript代码对我有用:
<script>
// previous page should be reloaded when user navigate through browser navigation
// for mozilla
window.onunload = function(){};
// for chrome
if (window.performance && window.performance.navigation.type === window.performance.navigation.TYPE_BACK_FORWARD) {
location.reload();
}
</script>
Tested on Chrome Version 80.0.3987.122 (Official Build) (64-bit) and Firefox 73.0.1 (64-bit)
在 Chrome 版本 80.0.3987.122(官方版本)(64 位)和 Firefox 73.0.1(64 位)上测试
回答by Ali Hassan
Create a middleware using artisan
使用 artisan 创建中间件
php artisan make:middleware RevalidateBackHistory
Within RevalidateBackHistory middleware, we set the header to no-cache and revalidate
在 RevalidateBackHistory 中间件中,我们将标头设置为 no-cache 并重新验证
<?php
namespace App\Http\Middleware;
use Closure;
class RevalidateBackHistory
{
/**
* Handle an incoming request.
*
* @param \Illuminate\Http\Request $request
* @param \Closure $next
* @return mixed
*/
public function handle($request, Closure $next)
{
$response = $next($request);
return $response->header('Cache-Control','nocache, no-store, max-age=0, must-revalidate')
->header('Pragma','no-cache')
->header('Expires','Fri, 01 Jan 1990 00:00:00 GMT');
}
}
Update the application's route middleware in Kernel.php
在 Kernel.php 中更新应用程序的路由中间件
protected $routeMiddleware = [
.
.
'revalidate' => \App\Http\Middleware\RevalidateBackHistory::class,
.
.
];
And that's all! So basically you just need to call revalidate middleware for routes which require user authentication.
就这样!所以基本上你只需要为需要用户身份验证的路由调用 revalidate 中间件。
