Browser back button is showing previous page after logout in Grails

Question

I am using grails-2.4.5 version and spring-security-core-2.0-RC5. I have set a default target URI in config.groovy page. When user login then they can access to that page, when logout no access, should display only login page.

My problem is, when user logout login page is displayed, but if browser back button is hit then the default target page is displayed although he can't access any action. But it odd. My config is given below:

in config.groovy >>

grails.plugin.springsecurity.successHandler.defaultTargetUrl = '/dashboard/index'    
grails.plugin.springsecurity.logout.postOnly = false

my url mapping class >>

    class UrlMappings {

    static mappings = {
        "/$controller/$action?/$id?(.$format)?"{
            constraints {
                // apply constraints here
            }
        }

        "/"(controller:"login", action: "auth")
        "500"(view:'/error')
    }
}

my default target uri method >>

    class DashboardController {

    def index() {
    }
}

The back button will show the previous page because the browser caches it. — AVX-42, Oct 20 '19 at 16:29
You can add headers to not-cache and revalidate see [this answer](https://stackoverflow.com/a/17780340/10669139). See [this post](https://www.codeproject.com/Tips/549347/Browser-Back-Button-Issue-After-Logout-2) for more details. — AVX-42, Oct 20 '19 at 16:33
If you have tried something new, then please add this to the question. — cfrick, Oct 21 '19 at 06:45

Rahul Mahadik · Answer 1 · 2019-10-22T07:11:24.313

0

There are many possible ways to stop,

Browser back button is showing previous page after logout

With JavaScript, you can clear location history or disable back button.

<script>
history.pushState(null, null, location.href);
window.onpopstate = function () {
    history.go(1);
};
</script>

Demo

Here you will get many possible options

Hope this will helps you.

edited Oct 22 '19 at 07:11

answered Oct 22 '19 at 04:45

Rahul Mahadik

11,668
6
41
54

I am using 2.4.5 version. But the documentation is for 4.0.0. Is it possible to use AuthInterceptor in my version? if so then some example will be so nice – Sumon Bappi Oct 22 '19 at 06:31
@SumonBappi Please check https://grails.github.io/grails2-doc/2.4.5/guide/theWebLayer.html#interceptors – Rahul Mahadik Oct 22 '19 at 06:36
As I understand this will only work if any request is passed to the controller, But when I click browser back button no action is being called, just the cached view is shown. I want to display there login page. – Sumon Bappi Oct 22 '19 at 06:45
ohh then, best way to go with JavaScript – Rahul Mahadik Oct 22 '19 at 06:53
Thanks, I will test later and make your answer as accepted. – Sumon Bappi Oct 22 '19 at 07:53
This problem should not be solved with the back button manipulation. This is browser cache issue and should be solved with proper headers that are suggested in the above comments in the question itself – Tuomas Valtonen Oct 22 '19 at 09:40

Browser back button is showing previous page after logout in Grails

1 Answers1