Prevent Browser's Back Button Login After Logout in Laravel 5

情歌与酒 2020-12-01 02:50

I am new to Laravel 5 and trying to make a simple authentication page. My problem is I can log out properly after I click the logout link, but if I click the back button of the

8 answers
  • 2020-12-01 03:30

    Step 1: create a middleware using the following command:

    php artisan make:middleware PreventBackHistory
    

    Step 2: replace the content of PreventBackHistory.php with the following:

    <?php
    
    namespace App\Http\Middleware;
    
    use Closure;
    
    class PreventBackHistory
    {
        /**
         * Handle an incoming request.
         *
         * @param  \Illuminate\Http\Request  $request
         * @param  \Closure  $next
         * @return mixed
         */
        public function handle($request, Closure $next)
        {
            $response = $next($request);
            return $response->header('Cache-Control','no-cache, no-store, max-age=0, must-revalidate')
                ->header('Pragma','no-cache')
                ->header('Expires','Sun, 02 Jan 1990 00:00:00 GMT');
        }
    }
    

    Step 3: register the middleware in Kernel.php

    'preventBackHistory' => \App\Http\Middleware\PreventBackHistory::class,
    

    And good to go :)

  • 2020-12-01 03:40

    Create a middleware using artisan:

    php artisan make:middleware RevalidateBackHistory
    

    Within the RevalidateBackHistory middleware, we set the headers to no-cache and revalidate:

    <?php

    namespace App\Http\Middleware;

    use Closure;

    class RevalidateBackHistory
    {
        /**
         * Handle an incoming request.
         *
         * @param \Illuminate\Http\Request $request
         * @param \Closure $next
         * @return mixed
         */
        public function handle($request, Closure $next)
        {
            $response = $next($request);

            // Tell the browser (and any intermediate cache) never to store or
            // reuse this page, so "back" after logout has to re-request it.
            return $response->header('Cache-Control', 'no-cache, no-store, max-age=0, must-revalidate')
                ->header('Pragma', 'no-cache')
                ->header('Expires', 'Fri, 01 Jan 1990 00:00:00 GMT');
        }
    }
    

    Update the application’s route middleware in Kernel.php:

    protected $routeMiddleware = [
        .
        .
        'revalidate' => \App\Http\Middleware\RevalidateBackHistory::class,
        .
        .
    ];
    

    And that’s all! So basically you just need to call revalidate middleware for routes which require user authentication.

  • 2020-12-01 03:40

    You can override the logout method from your AuthenticatesUsers trait as:

    public function logout(Request $request)
    {
        // Log the user out of the guard and destroy the whole session,
        // then send them back to the page they came from.
        $this->guard()->logout();
        $request->session()->invalidate();

        return $this->loggedOut($request) ?: redirect()->back();
    }
    
  • 2020-12-01 03:41

    A method I have used is to simply redirect to the previous page after logout. So long as the previous page was secured, the auth middleware will kick in and redirect you back to the login page. Now when you click the back button the previous page is no longer cached and you just get the login page again.

    Original discussion: https://laracasts.com/discuss/channels/requests/back-button-browser

    public function logout()
    {
        Auth::logout(); // logout user
        return redirect(\URL::previous());
    }
    
  • 2020-12-01 03:50

    When the user clicks the back button they're not actually logged in, it's just the browser rendering what it has cached from previous page views. The user won't be able to navigate or interact with anything that requires them to be logged in because, to your application on the server, they're not authenticated.

    When the user clicks the back button you have no control over that as it doesn't make a request to the server.

    Using the back button, the only content they'll be able to view is what they have already visited whilst logged in. If they try to access anything new, they'll make a new request to your application, your middleware will trigger and redirect them to the login page.

    I guess if you really wanted to stop this behavior you could use some JavaScript and such to send an ajax request and check if the user is logged in that way, but quite useless from a security point of view.

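The two claims made in this thread, that the middleware marks protected pages as non-storable and that the server no longer treats the user as authenticated after logout, can both be checked with a feature test. The following is an added example, not code from the thread or from Laravel itself. It assumes the Laravel 5.5+ testing API, the default auth scaffolding (`/login`, `POST /logout`, `factory(User::class)`), and that the no-cache middleware from the answers above is applied to a protected route at the hypothetical path `/dashboard`.

```php
<?php
// Added example (not from the thread): verifies the behaviour described in
// the answers. Assumes the no-cache middleware is applied to /dashboard
// (hypothetical route) and that the default auth scaffolding exists.

namespace Tests\Feature;

use App\User;
use Illuminate\Foundation\Testing\RefreshDatabase;
use Tests\TestCase;

class LogoutBackButtonTest extends TestCase
{
    use RefreshDatabase;

    /**
     * True if the response's Cache-Control header carries the given directive.
     * Symfony re-serialises Cache-Control (sorts directives and may append
     * "private"), so we match on individual directives, not the exact string.
     */
    private function hasDirective($response, string $directive): bool
    {
        $cacheControl = (string) $response->headers->get('Cache-Control');
        $directives = array_map('trim', explode(',', strtolower($cacheControl)));

        return in_array($directive, $directives, true);
    }

    public function testProtectedPageIsNotStorable()
    {
        $user = factory(User::class)->create();

        $response = $this->actingAs($user)->get('/dashboard');

        $response->assertStatus(200);
        $this->assertTrue($this->hasDirective($response, 'no-store'));
        $this->assertTrue($this->hasDirective($response, 'no-cache'));
        $this->assertTrue($this->hasDirective($response, 'must-revalidate'));
        $response->assertHeader('Pragma', 'no-cache');
    }

    public function testProtectedPageRedirectsAfterLogout()
    {
        $user = factory(User::class)->create();

        $this->actingAs($user)->post('/logout');

        // The server side session is gone: a fresh request for the protected
        // page is bounced to the login form, regardless of what the browser
        // may still hold in its history cache.
        $this->get('/dashboard')->assertRedirect('/login');
    }
}
```

Run it with `vendor/bin/phpunit tests/Feature/LogoutBackButtonTest.php`. Note that asserting the exact Cache-Control string (for example with `assertHeader('Cache-Control', 'no-cache, no-store, max-age=0, must-revalidate')`) is brittle, because Symfony's response header bag normalises the directive order and adds `private` when neither `public` nor `private` is set; checking for the individual directives is what actually matters for the back-button behaviour.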
  • 2020-12-01 03:50

    Yeah, it's just a browser behavior, not an issue from the Laravel side, but it could be a security issue. Here is how I solved it:

    1. Create a new middleware

    php artisan make:middleware PreventBackHistory

    2. Replace the middleware's handle function

        $response = $next($request);
        // Forbid the browser from storing or reusing the page.
        $response->headers->set('Cache-Control', 'no-cache, no-store, max-age=0, must-revalidate');
        $response->headers->set('Pragma', 'no-cache');
        $response->headers->set('Expires', 'Sun, 02 Jan 1990 00:00:00 GMT');
        return $response;

    3. Include the path in Kernel.php

    'prevent-back-history' => \App\Http\Middleware\PreventBackHistory::class

    4. Update routes

    Route::group(['middleware' => ['prevent-back-history', 'otherMiddlewares']], function () {
        // protected routes go here
    });

    It will work for you!
