I have a Perl script which Logs in the user. After the user logs out, I am able to go back to the login page by pressing the back button. How can I prevent the user from doing so. The user should be prompted to login again after logging out. Also, after logging in when I press the back button the page redirects me to the login where logging in again should be mandatory. In short the user should not be able to access the protected pages unless he authorizes.
Asked
Active
Viewed 340 times
1
-
1I take it your server won't deliver the page based on stale credentials. If that's so, then your problem is client caching. You can _ask_ the client not to cache, but you can't force it. http://stackoverflow.com/questions/1341089/using-meta-tags-to-turn-off-caching-in-all-browsers – Sobrique Feb 19 '15 at 19:54
2 Answers
2
A JavaScript solution from http://jakub.fedyczak.net/post/force-page-refresh-on-back-button/:
Put
<body onunload="">in your HTML output
Headers to set, as suggested by Quora's Adam D'Angelo:
Cache-Control: private, no-store, max-age=0, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
mob
- 117,087
- 18
- 149
- 283
2
In general,you should have some logic on the page that checks if the session is active/present and perform either a redirect (302, 307, etc...) that will send it to a login/authentication page, or a forbidden/authentication error (403, 401, etc...). That in addition to what @mob mentioned already, which will cause the browser to expire its local cache for that page.
dryajov
- 445
- 3
- 13