3

I am trying to clear the browser cache when a user logs out. I implemented the LogoutSuccessHandlerInterface to extend the onLogoutSuccess method. There is no error, but after I log out I can press the back button in the browser and I still see my profile page. If I refresh this page, I am automatically redirected, so I am correctly logged out.

security.yml

logout:
    path:   /logout
    target: /
    invalidate_session: true
    success_handler: project_user.handler.logout_handler

services.yml

project_user.handler.logout_handler:
    class:  Project\UserBundle\Handler\LogoutHandler

Project/UserBundle/Handler/LogoutHandler.php

<?php
namespace Project\UserBundle\Handler;

use Symfony\Component\Security\Http\Logout\LogoutSuccessHandlerInterface;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpFoundation\RedirectResponse;

class LogoutHandler implements LogoutSuccessHandlerInterface
{
  public function onLogoutSuccess( Request $request )
  {
    $response =  new RedirectResponse( '/' );

    $response->headers->addCacheControlDirective( 'no-cache', true );
    $response->headers->addCacheControlDirective( 'max-age', 0 );
    $response->headers->addCacheControlDirective( 'must-revalidate', true );
    $response->headers->addCacheControlDirective( 'no-store', true );

    return $response;
  }
}

I tried this solution and it works perfectly, but this method is called for each request (many times for each page) and causes slowdowns. Please help!

thx

Gaetan

2 Answers

0

Try this, works for me.

<?php 

namespace YourBundle;

use Symfony\Component\EventDispatcher\EventSubscriberInterface;
use Symfony\Component\HttpKernel\KernelEvents;
use Symfony\Component\HttpKernel\Event\FilterResponseEvent;

class KernelSubscriber implements EventSubscriberInterface {

    public static function getSubscribedEvents() {
        return array(
            KernelEvents::RESPONSE => array(
                array('clearBrowserCache', 434255),
            ),
        );
    }

    public function clearBrowserCache(FilterResponseEvent $event) {
        $response = $event->getResponse();

        $response->headers->addCacheControlDirective('no-cache', true);
        $response->headers->addCacheControlDirective('max-age', 0);
        $response->headers->addCacheControlDirective('must-revalidate', true);
        $response->headers->addCacheControlDirective('no-store', true);        
    }

}

services.yml

kernel_subscriber:
    class: YourBundle\KernelSubscriber
    tags:
        - { name: kernel.event_subscriber }
Yuriy Yakubskiy
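
Editor's added example (not code from the question or from either answer): the headers in the question's logout handler apply only to the redirect response, while the back button shows the profile page the browser stored earlier, so `no-store` has to be sent with the authenticated pages themselves. The subscriber below narrows the answer's approach to master requests made by a logged-in user. It assumes Symfony 2.6+ (`security.token_storage`, `security.authorization_checker`); the namespace and class name are hypothetical.

```php
<?php
// Added example: namespace and class name are hypothetical; assumes Symfony 2.6+.
namespace YourBundle\EventListener;

use Symfony\Component\EventDispatcher\EventSubscriberInterface;
use Symfony\Component\HttpKernel\Event\FilterResponseEvent;
use Symfony\Component\HttpKernel\KernelEvents;
use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface;
use Symfony\Component\Security\Core\Authorization\AuthorizationCheckerInterface;

class AuthenticatedNoStoreSubscriber implements EventSubscriberInterface
{
    private $tokenStorage;
    private $authorizationChecker;

    public function __construct(TokenStorageInterface $tokenStorage, AuthorizationCheckerInterface $authorizationChecker)
    {
        $this->tokenStorage = $tokenStorage;
        $this->authorizationChecker = $authorizationChecker;
    }

    public static function getSubscribedEvents()
    {
        return array(KernelEvents::RESPONSE => 'onKernelResponse');
    }

    public function onKernelResponse(FilterResponseEvent $event)
    {
        // Sub-requests (embedded controller fragments) fire this event as well;
        // only the master response carries the headers the browser sees.
        if (!$event->isMasterRequest()) {
            return;
        }
        // No token means the URL is outside any firewall; isGranted() would throw.
        if (null === $this->tokenStorage->getToken()) {
            return;
        }
        // Anonymous visitors keep normal caching; only logged-in pages are excluded.
        if (!$this->authorizationChecker->isGranted('IS_AUTHENTICATED_REMEMBERED')) {
            return;
        }

        $headers = $event->getResponse()->headers;
        $headers->addCacheControlDirective('no-store', true);
        $headers->addCacheControlDirective('no-cache', true);
        $headers->addCacheControlDirective('must-revalidate', true);
        $headers->addCacheControlDirective('max-age', 0);
    }
}
```

Register it with the `kernel.event_subscriber` tag as in the services.yml above, passing `@security.token_storage` and `@security.authorization_checker` as constructor arguments.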
-1

A method I have used with some success is simply to redirect to the previous page after logout. If the previous page was secured, your auth system will then redirect back to the login page. Now when you press the back button you should hit the login page again.

See my post here for an example in Laravel: https://laracasts.com/discuss/channels/requests/back-button-browser

sitesense