问题
I have a view to enter an account, then called the controller where the data is validated and are then saved with the method of authentication
public function doLogin(){
$rules = array(
'email' => 'required|email',
'password' => 'required'
);
$validator = Validator::make(Input::all(), $rules);
//dd(Input::all());
if($validator->fails()){
return Redirect::to('usuarios')->withErrors($validator)->withInput(Input::except('password'));
}else{
$userdata = array(
'email' => Input::get('email'),
'password' => Input::get('password')
);
if(Auth::attempt($userdata)){
return View::make('principal');
}else{
return Redirect::to('usuarios');
}
}
}
I also have the function to exit the session
Route::get('usuarios/logout', function(){
Auth::logout();
return Redirect::to('usuarios'); //login page
})->before('auth');
The problem is that when I press the back button of the browser, I can use without problems the application but without the authentication.
Route
Route::get('usuarios', function(){
return View::make('login');
})->before('guest');
Route::get('usuarios/view', function(){
$usuarios = Usuario::paginate(5);
return View::make('viewusuario', array('usuarios' => $usuarios));
})->before('auth');
Route::get('usuario/create', function(){
return View::make('formusuario');
})->before('auth');
Filter
Route::filter('auth', function()
{
if (Auth::guest()) return Redirect::guest('usuarios'); //login page
});
Route::filter('guest', function()
{
if (Auth::check()){
return View::make('principal'); //home page
}
});
How can I fix it?
回答1:
The problem is related to browser cache, not Laravel.
To handle browser cache you can use the following code in one of your start files or in a service provider:
App::after(function($request, $response)
{
$response->headers->set('Cache-Control','nocache, no-store, max-age=0, must-revalidate');
$response->headers->set('Pragma','no-cache');
$response->headers->set('Expires','Fri, 01 Jan 1990 00:00:00 GMT');
});
Here we are just modifying each responses within Laravel using application events.
Some people said that this works for all web browser but not for IE. So for IE, you should add a bunch of meta tags to your layout:
<meta http-equiv="cache-control" content="max-age=0" />
<meta http-equiv="cache-control" content="no-cache" />
<meta http-equiv="cache-control" content="no-store" />
<meta http-equiv="cache-control" content="must-revalidate" />
<meta http-equiv="expires" content="0" />
<meta http-equiv="expires" content="Tue, 01 Jan 1980 1:00:00 GMT" />
<meta http-equiv="pragma" content="no-cache" />
回答2:
The problem lies in the browser cache, when you go back, the browser doesn't query everything, for the sake of speed it just loads the page from cache. But when you reload that page ctrl + r it won't work. You can disable page caching like other people said here, but it will cost you the performance of the website and more bills if you are on a cloud hosting. So cache is good, keep it.
You should try to group all the pages that need auth filter so you don't forget to add that filter, we're all human, sometimes we forget.
Route::group(['before' => 'auth', function(){
Route::get('usarios/view', function() { ... });
Route::get('usarios/create', function() { ... });
}]);
Route::group(['before' => 'guest', function(){
Route::get('usarios/login', 'AuthController@showLogin');
Route::post('usarios/login', 'AuthController@doLogin');
}]);
Also, try to not display the main user page in the login post, in your case doLogin. You should redirect the user to a new page showing the user home page.
来源:https://stackoverflow.com/questions/23916096/why-the-filter-does-not-work-when-the-back-button-of-the-browser-is-pressed-in-l