6

I am using Python with Django. I want to redirect users to the login page when they click the back button after logout. How can I achieve this? Where should I write the code?

To test whether Django admin handles this, I logged into Django admin, logged out and then hit the back button, and I am able to see the previous page. Why does Django admin not handle this?

This is the code for logout in Django admin:

def logout(request):
    """
    Removes the authenticated user's ID from the request and flushes their
    session data.
    """
    request.session.flush()
    if hasattr(request, 'user'):
        from django.contrib.auth.models import AnonymousUser
        request.user = AnonymousUser()
Tim M.
Vivek S

7 Answers

15

Finally found the solution:

from django.views.decorators.cache import cache_control

@cache_control(no_cache=True, must_revalidate=True)
def func(request):
    # some code
    return

This will force the browser to make a request to the server.

Vivek S
9

You may find you need to use @cache_control(no_cache=True, must_revalidate=True, no_store=True) in Chrome to fully stop any back button viewing.

The key thing being no_store for Chrome, as I found here.

Community
Polygon Pusher
2

+1 for Digital Cake's answer! This solved the problem of backing up into cached pages after logout on Firefox as well. I tried:

@cache_control(no_cache=True, must_revalidate=True)

on my views with no luck. Per Digital Cake, tried:

@cache_control(no_cache=True, must_revalidate=True, no_store=True)

and now Firefox backs up to the login screen.

TessellatingHeckler
Jeff Wilson
2

I know it's an old question, but the accepted answer did not work for me. I faced the same problem (using Django 1.8 & Chrome).

Finally, I found the solution from the docs (Django 1.7 or later). This will work for sure.

Just see the code below

from django.contrib.auth.decorators import login_required
from django.shortcuts import render

@login_required(login_url='/login/')
def myview(request):
    # render() already returns an HttpResponse
    return render(request, 'path_to_your_view.html')

The @login_required decorator is used to handle the issue. You can check more in the docs.

Abhijeet Singh
2

The reason that you can see the admin page after you logged out and hit back is that you don't see the real page. Rather, you see a copy of it that is in your browser cache.

Try this:

  1. go to any admin page
  2. click "Logout"
  3. hit the "Back" button in your browser
  4. press F5 or click "Refresh" in your browser.

Now you will be redirected to the login page of the admin backend.

Asocia
Martin Thurau
  • The code I have pasted is the django.contrib.auth.logout. It's not my own code. I am using Django admin only. This problem exists in Django admin. – Vivek S Aug 03 '11 at 09:05
  • Oh dear...*now* I understand what you are asking. I will rewrite my answer. – Martin Thurau Aug 03 '11 at 09:16
  • I know that no requests will be sent to the server when the back button is clicked, but still I don't want users to see the page, like Google does. – Vivek S Aug 03 '11 at 10:21
  • Ok, I think here is what you need: http://stackoverflow.com/questions/2510151/can-i-disable-ff3-back-button-cache – Adam Jurczyk Aug 03 '11 at 10:37
1

This is a cache problem.

You can use the cache_control decorator to force no cache on views:

from django.views.decorators.cache import cache_control

@cache_control(no_cache=True, must_revalidate=True, no_store=True)
def func(request):
    # some code
    return

This will force the browser to make a request to the server.

More about cache_control

Khushhal
0

It depends on what kind of authentication system you are using. If you are using some kind of own implementation, you could write your own middleware class that redirects unauthenticated users to the login page.

If you are using some lib, check its docs for how it handles requests to secured pages from unauthenticated users.

Adam Jurczyk
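
An added example, not part of any answer above and not Django's own code: a middleware that applies site-wide the header that `cache_control(no_cache=True, must_revalidate=True, no_store=True)` sets per view, but only on responses served to a logged-in user. The names `harden_cache_control`, `NoStoreForAuthenticatedMiddleware` and `demo` are hypothetical; it assumes Django 1.10 or later (new-style middleware, `is_authenticated` as a property), and `demo()` uses constructed stand-ins so the block runs without Django installed.

```python
# Added example (hypothetical names); assumes Django >= 1.10.
REQUIRED = ("no-cache", "no-store", "must-revalidate")
CONFLICTING = ("public", "max-age", "s-maxage")  # would permit reuse of the page


def harden_cache_control(existing):
    """Merge the three directives into an existing Cache-Control value."""
    kept = []
    for part in (existing or "").split(","):
        directive = part.strip()
        name = directive.split("=", 1)[0].lower()
        if directive and name not in CONFLICTING and name not in REQUIRED:
            kept.append(directive)
    return ", ".join(kept + list(REQUIRED))


class NoStoreForAuthenticatedMiddleware:
    """List after AuthenticationMiddleware in MIDDLEWARE so request.user is set."""

    def __init__(self, get_response):
        self.get_response = get_response

    def __call__(self, request):
        response = self.get_response(request)
        user = getattr(request, "user", None)
        # Only pages rendered for a logged-in user must not survive logout.
        if user is not None and user.is_authenticated:
            response["Cache-Control"] = harden_cache_control(
                response.get("Cache-Control"))
        return response


def demo():
    """Constructed stand-ins for Django's request/response objects."""
    class Resp(dict):
        pass

    class Req:
        def __init__(self, authed):
            self.user = type("User", (), {"is_authenticated": authed})()

    mw = NoStoreForAuthenticatedMiddleware(
        lambda req: Resp({"Cache-Control": "public, max-age=600"}))
    return mw(Req(True))["Cache-Control"], mw(Req(False))["Cache-Control"]


if __name__ == "__main__":
    print(demo())
```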