Original source: http://stackoverflow.com/questions/30118998/
Warning: these are provided under the CC BY-SA 4.0 license. You are free to use/share it, but you must attribute it to the original authors (not me): StackOverflow
Prevent Browser's Back Button Login After Logout in Laravel 5
Asked by Tartar
I am new to Laravel 5 and trying to make a simple authentication page. My problem is I can log out properly after I click the logout link, but if I click the back button of the browser, I am still able to see the content of the page, which actually should not be seen with respect to my auth middleware process. I read I can prevent this by disabling caching but don't think it is the best way to do this, so how can I do this in a better way? Simply, my logout route is:
    Route::get('logout', array('uses' => 'LoginController@logout'));
Logout function is:
    public function logout() {
        Auth::logout(); // logout user
        Session::flush();
        Redirect::back();
        return Redirect::to('pages/login'); //redirect back to login
    }
Answered by RaZik
Create a middleware using artisan:
    php artisan make:middleware RevalidateBackHistory
Within the RevalidateBackHistory middleware, we set the header to no-cache and revalidate:
    <?php
    namespace App\Http\Middleware;

    use Closure;

    class RevalidateBackHistory
    {
        /**
         * Handle an incoming request.
         *
         * @param \Illuminate\Http\Request $request
         * @param \Closure $next
         * @return mixed
         */
        public function handle($request, Closure $next)
        {
            $response = $next($request);
            // Tell the browser not to store the page and to revalidate it on every visit.
            return $response->header('Cache-Control', 'no-cache, no-store, max-age=0, must-revalidate')
                ->header('Pragma', 'no-cache')
                ->header('Expires', 'Fri, 01 Jan 1990 00:00:00 GMT');
        }
    }
Update the application's route middleware in Kernel.php:
    protected $routeMiddleware = [
        // ...
        'revalidate' => \App\Http\Middleware\RevalidateBackHistory::class,
        // ...
    ];
And that's all! So basically you just need to call revalidate middleware for routes which require user authentication.
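Added example, not part of the original answer: a stand-alone PHP script (run with `php`) that audits a Cache-Control value like the one this middleware sets, reporting a missing no-store, a public directive, and tokens that caches will not recognise. The function names and sample header values are constructed for illustration.

```php
<?php
// Added example: function names and sample values are constructed for illustration.
/** Split a Cache-Control value into [directive => argument|true], names lowercased. */
function parseCacheControl(string $value): array
{
    $directives = [];
    foreach (explode(',', $value) as $part) {
        $part = trim($part);
        if ($part === '') {
            continue;
        }
        $pair = explode('=', $part, 2);
        $directives[strtolower(trim($pair[0]))] = isset($pair[1]) ? trim($pair[1], " \t\"") : true;
    }
    return $directives;
}

/** Return the problems found for a page that sits behind authentication. */
function auditAuthenticatedPage(string $value): array
{
    // Response directives from RFC 9111 plus common extensions.
    $recognised = ['no-cache', 'no-store', 'max-age', 's-maxage', 'must-revalidate',
        'proxy-revalidate', 'must-understand', 'no-transform', 'private', 'public',
        'immutable', 'stale-while-revalidate', 'stale-if-error'];
    $directives = parseCacheControl($value);
    $problems = [];
    if (!isset($directives['no-store'])) {
        $problems[] = 'no-store is missing, so the page may be kept and shown again after logout';
    }
    if (isset($directives['public'])) {
        $problems[] = 'public allows shared caches to store the page';
    }
    foreach (array_keys($directives) as $name) {
        if (!in_array($name, $recognised, true)) {
            $problems[] = "'$name' is not a recognised directive; caches ignore it";
        }
    }
    return $problems;
}

// Constructed sample header values: one complete, one with a misspelled token, one cacheable.
$samples = ['no-cache, no-store, max-age=0, must-revalidate',
    'nocache, max-age=0, must-revalidate', 'public, max-age=3600'];
foreach ($samples as $value) {
    $problems = auditAuthenticatedPage($value);
    echo $value, "\n  ", $problems ? implode("\n  ", $problems) : 'OK', "\n";
}
```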
Answered by Wader
When the user clicks the back button they're not actually logged in, it's just the browser rendering what it has cached from previous page views. The user won't be able to navigate or interact with anything that requires them to be logged in because, to your application on the server, they're not authenticated.
When the user clicks the back button you have no control over that as it doesn't make a request to the server.
Using the back button, the only content they'll be able to view is what they have already visited whilst logged in. If they try to access anything new, they'll make a new request to your application, your middleware will trigger and redirect them to the login page.
I guess if you really wanted to stop this behavior you could use some JavaScript and such to send an ajax request and check if the user is logged in that way, but quite useless from a security point of view.
Answered by Payal
Step 1: Create a middleware using the following command:
    php artisan make:middleware PreventBackHistory
Step 2: Replace the content of PreventBackHistory.php with the following content:
    <?php
    namespace App\Http\Middleware;

    use Closure;

    class PreventBackHistory
    {
        /**
         * Handle an incoming request.
         *
         * @param \Illuminate\Http\Request $request
         * @param \Closure $next
         * @return mixed
         */
        public function handle($request, Closure $next)
        {
            $response = $next($request);
            return $response->header('Cache-Control', 'no-cache, no-store, max-age=0, must-revalidate')
                ->header('Pragma', 'no-cache')
                ->header('Expires', 'Sun, 02 Jan 1990 00:00:00 GMT');
        }
    }
Step 3: Register the middleware in Kernel.php:
    'preventBackHistory' => \App\Http\Middleware\PreventBackHistory::class,
And good to go :)
Answered by sitesense
A method I have used is to simply redirect to the previous page after logout. So long as the previous page was secured, the auth middleware will kick in and redirect you back to the login page. Now when you click the back button the previous page is no longer cached and you just get the login page again.
Original discussion: https://laracasts.com/discuss/channels/requests/back-button-browser
    public function logout() {
        Auth::logout(); // logout user
        return redirect(\URL::previous());
    }
Answered by Nadim
You can overwrite the logout method in your AuthenticatesUsers trait as:
    public function logout(Request $request)
    {
        $this->guard()->logout();
        $request->session()->invalidate();
        return $this->loggedOut($request) ?: redirect()->back();
    }
Answered by emonik
Try redirecting to a protected route with auth middleware:
    return redirect('home');
so it will force a redirect to the login page & the back button will not show the previous page