Question
I have created login and logout pages to access a control panel. The scenario goes like this: the user logs in, accesses the cpanel page, and then logs out. Problem: once login is done, if the user clicks the browser back button, the user goes back to the login page even though authentication is done and sessions are set. Likewise, if the user logs out and clicks the back button, it will return to the control panel page (if the user refreshes the page then everything seems to be fine: the user is redirected to login and the back button won't redirect her to cpanel).
The problem is the browser cache. I tried both a PHP header and an HTML meta tag to prevent the page from caching, but I could not succeed. Any solution to this?
My logout action code is as follows:
    public function logoutAction()
    {
        $auth = Zend_Auth::getInstance();
        // If not logged in, there is no identity to clear: just redirect
        if (!$auth->hasIdentity()) {
            $this->_redirect('admin/account/redirect');
        }
        // Logged in: clear the stored identity, then redirect
        $auth->clearIdentity();
        $this->_redirect('admin/account/redirect');
    }
Answer 1:
You could always run a piece of JavaScript onLoad that requests another PHP page using AJAX and then, if the user is logged in, redirects them back to the CPanel or Login page, wherever they are supposed to be.
jQuery post would handle this quite nicely. http://api.jquery.com/jQuery.post/
Answer 2:
Browsers can behave differently, so what browser are you using?
Also, why bother checking if the user has an identity when logging out? Just clear the identity regardless of whether the user is logged in or not - less code, the better...
My logout code looks like:
    $auth = Zend_Auth::getInstance();
    $auth->clearIdentity();
    $this->_redirect('/identity/login');
Answer 3:
This is what I have in my logout action:
    Zend_Session::destroy();
    $this->_helper->redirector('index', 'index');
And since the Zend_Auth identity is saved in a session, it gets destroyed as well. If I do a back (from the navigator), the absence of identity is caught and I am redirected to the login screen.
Answer 4:
The method I would use is to force the login page to take place in a new window instance. When the user logs out, close that window. There will be nothing to go back to.
The alternative is to use sessions and do a POST every time the user moves to a new page. Hitting the back button here would require the content to be POSTed again, but the session would be closed and the request would fail.
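The question attributes the symptom to the browser cache. The following added example (not code from the question or from any answer) shows one way to send no-store headers from a shared Zend Framework 1 base controller and to re-check Zend_Auth on every request, so that a Back navigation is answered by the server rather than by a stored copy. The class names and the admin/account/login and admin/panel/index routes are assumptions.

```php
<?php
// Added example: class names and route names are assumptions for illustration,
// not taken from the question's application.
abstract class Admin_NoStoreController extends Zend_Controller_Action
{
    // Ask the browser and intermediaries not to keep a copy of any response
    // from these controllers, so Back re-requests the page from the server.
    public function preDispatch()
    {
        $this->getResponse()
             ->setHeader('Cache-Control', 'no-store, no-cache, must-revalidate, max-age=0', true)
             ->setHeader('Pragma', 'no-cache', true)
             ->setHeader('Expires', 'Thu, 01 Jan 1970 00:00:00 GMT', true);
    }
}

class Admin_PanelController extends Admin_NoStoreController
{
    public function preDispatch()
    {
        parent::preDispatch();
        // Access is decided server-side on every request, including re-requests after Back.
        if (!Zend_Auth::getInstance()->hasIdentity()) {
            $this->_helper->redirector('login', 'account', 'admin');
        }
    }
}

class Admin_AccountController extends Admin_NoStoreController
{
    public function loginAction()
    {
        // Already authenticated (e.g. Back after login): skip the form.
        if (Zend_Auth::getInstance()->hasIdentity()) {
            $this->_helper->redirector('index', 'panel', 'admin');
        }
        // Otherwise fall through to the existing login form handling.
    }

    public function logoutAction()
    {
        // Clear the identity and destroy the session that stored it.
        Zend_Auth::getInstance()->clearIdentity();
        Zend_Session::destroy();
        $this->_helper->redirector('login', 'account', 'admin');
    }
}
```

The headers only stop the browser from replaying a stored page; the `hasIdentity()` check in `preDispatch()` is what actually denies access once the session is gone.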
Source: https://stackoverflow.com/questions/5251110/back-button-takes-the-user-back-to-protected-page-after-logout-zend-framework