Laravel logout fail on pressing back button

孤独总比滥情好 2021-01-06 18:17

On logout from my Laravel application using the Laravel logout method:

public function getLogout() 
    {
       Auth::logout();
       return Redirect::to(\         


        
5 Answers
  • 2021-01-06 18:42

    This isn't actually what you think it is.

    The back button on a browser fetches the last page in its cache for you.

    If you must really prevent this, then you have two options:

    1. Disable caching (usually a bad idea). See How to control web page caching, across all browsers? for that.
    2. Have a JavaScript keep-alive to a resource in the page and redirect the user if this keepalive shows the user is not logged in.

    Personally I'd just blame caching and ignore it. There's also a third option: using the HTML5 history API, but that's probably way over the top.

    0 Discuss (0)
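
The keep-alive check from option 2 could look like the sketch below. It is an added example, not code from any of the answers; the `/session/status` endpoint, its 200/401 JSON contract and the `/login` path are assumptions. The check only decides what the browser shows next, so the server still has to enforce authentication on every request.

```javascript
'use strict';

// Classify the keep-alive answer. Assumed contract for this sketch: the endpoint
// returns 200 {"authenticated": true} for a live session and 401 otherwise.
function sessionState(httpStatus, body, redirected) {
  if (httpStatus === 401 || redirected) return 'expired'; // bounced towards login
  if (httpStatus === 200 && body && typeof body.authenticated === 'boolean') {
    return body.authenticated ? 'active' : 'expired';
  }
  return 'unknown'; // 5xx, proxy error page, malformed body: do not bounce the user
}

// Decide where to send the browser; null means stay on the current page.
function nextLocation(state, currentPath, loginPath) {
  const strip = (p) => (p.length > 1 ? p.replace(/\/+$/, '') : p);
  if (state !== 'expired') return null;
  return strip(currentPath) === strip(loginPath) ? null : loginPath;
}

// Ask the server (never the cached page) whether the session is still valid.
async function checkSession(win, statusUrl, loginPath) {
  let state = 'unknown';
  try {
    const res = await win.fetch(statusUrl, {
      cache: 'no-store',           // bypass the HTTP cache for the probe itself
      credentials: 'same-origin',  // send the session cookie
      headers: { Accept: 'application/json' },
    });
    const isJson = (res.headers.get('content-type') || '').includes('json');
    state = sessionState(res.status, isJson ? await res.json() : null, res.redirected);
  } catch (err) {
    // Network failure or unparsable body: state stays 'unknown'.
  }
  const target = nextLocation(state, win.location.pathname, loginPath);
  if (target) win.location.replace(target); // replace(): stale page leaves history
  return state;
}

if (typeof window !== 'undefined') {
  const probe = () => checkSession(window, '/session/status', '/login');
  // pageshow fires on first load and when a page is restored via Back/Forward.
  window.addEventListener('pageshow', probe);
  setInterval(probe, 60 * 1000);
}
```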
  • 2021-01-06 18:44

    Yes. As @Amelia wrote, that problem is because of the browser cache, not Laravel. Sending the response with no-cache is one solution, but that is not always good. You might have to pay an extra hosting fee if you implement that solution.

    I tried to solve this issue with a bit of JavaScript code in my base template just before the </body> tag.

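    <script type="text/javascript">
        $(document).ready(function() {
            // Auth::check() echoes "1" when logged in and "" otherwise,
            // so isAuth is truthy only for an authenticated user.
            var isAuth = "<?php echo Auth::check(); ?>";

            if (location.href === 'http://local.myapp.in/login/')
            {
                // location.href is a property, not a function: assign to navigate.
                if (isAuth) location.href = '/home';
            }
            else
            {
                if (!isAuth) location.href = '/login';
            }
        });
    </script>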
    

    In the above code, replace http://local.myapp.in/login/ with your login page URL. Each time a page is loaded, this code gets executed. If the user is trying to access any restricted page without being logged in, then he will be redirected to the login page. And if a user is trying to access the login page when logged in, the browser will be redirected to the home page.

    Since it is JS code, this piece of code runs even if the page is loaded from the browser cache.

    0 Discuss (0)
  • 2021-01-06 18:56

    I tried with this and it works.

    In routes:

    Route::group(array('before' => 'auth', 'after' => 'no-cache'), function()
    {
        Route::get('dashboard', array('as' => 'getDashboard', 'uses' => 'DashboardController@getIndex'));

        Route::get('logout', array('as' => 'getLogout', 'uses' => 'LoginController@getLogout'));

        Route::group(array('prefix' => 'users'), function()
        {
            Route::get('users', array('as' => 'getUsers', 'uses' => 'UsersController@getIndex', 'before' => 'hasAccess:users.index'));
        });
    });
    

    In filters:

    Route::filter('no-cache', function($route, $request, $response)
    {
        // The directive is spelled "no-cache"; "nocache" is not a Cache-Control directive.
        $response->headers->set('Cache-Control', 'no-cache, no-store, max-age=0, must-revalidate');
        $response->headers->set('Pragma', 'no-cache');
        $response->headers->set('Expires', 'Fri, 01 Jan 1990 00:00:00 GMT');
    });
    
    0 Discuss (0)
  • 2021-01-06 19:01

    Here is how I solved it in Laravel 5 using middleware:

    Create a NoCache middleware like this:

    Go through this: How do I implement before vs. after filters in middleware?

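    namespace App\Http\Middleware;

    use Closure;

    class NoCache {
        public function handle($request, Closure $next)
        {
            // Run the rest of the stack first, then decorate the response ("after" middleware).
            $response = $next($request);
            // The directive is spelled "no-cache"; "nocache" is not a Cache-Control directive.
            $response->headers->set('Cache-Control', 'no-cache, no-store, max-age=0, must-revalidate');
            $response->headers->set('Pragma', 'no-cache');
            $response->headers->set('Expires', 'Fri, 01 Jan 1990 00:00:00 GMT');
            return $response;
        }
    }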
    

    Then register this middleware in kernel.php: Running middleware on every request

    0 Discuss (0)
  • 2021-01-06 19:05

    I am new to Laravel, so in Laravel 5.7 I fixed that problem in my own way. Create a middleware using artisan.

    php artisan make:middleware RevalidateBackHistory
    

    Within RevalidateBackHistory middleware, we set the header to no-cache and revalidate.

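    <?php
    namespace App\Http\Middleware;

    use Closure;

    class RevalidateBackHistory
    {
        /**
         * Handle an incoming request.
         *
         * @param \Illuminate\Http\Request $request
         * @param \Closure $next
         * @return mixed
         */
        public function handle($request, Closure $next)
        {
            $response = $next($request);

            // Use the header bag so this also works for responses without a
            // header() helper, such as file downloads.
            // The directive is spelled "no-cache"; "nocache" is not a Cache-Control directive.
            $response->headers->set('Cache-Control', 'no-cache, no-store, max-age=0, must-revalidate');
            $response->headers->set('Pragma', 'no-cache');
            $response->headers->set('Expires', 'Fri, 01 Jan 1990 00:00:00 GMT');

            return $response;
        }
    }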
    

    Update the application’s route middleware in Kernel.php

    protected $routeMiddleware = [
        // ... existing middleware entries ...
        'revalidate' => \App\Http\Middleware\RevalidateBackHistory::class,
        // ...
    ];
    

    Update the route in Web.php. In my case.

    Route::group(['middleware' => 'revalidate'], function(){
        Route::get('/', 'HomeController@index');
        Route::get('/home', 'HomeController@index');
        Route::get('/dashboard', 'HomeController@index');
    });
    

    And that’s all! So basically you just need to call revalidate middleware for routes which require user authentication.

    Here are the URLs I followed

    Prevent Browser's Back Button Login After Logout in Laravel 5

    https://www.youtube.com/watch?v=wLkA1g2s65U

    0 Discuss (0)
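
To confirm that a no-cache filter or middleware like the ones in the answers above is actually emitting what is intended, the response headers of an authenticated page can be audited. The following is an added example, not code from any answer; the function names and finding codes are illustrative, and the sample header values are constructed.

```javascript
'use strict';

// Response directives defined by RFC 9111, RFC 5861 and RFC 8246.
const KNOWN = new Set(['no-store', 'no-cache', 'private', 'public', 'max-age',
  's-maxage', 'must-revalidate', 'proxy-revalidate', 'no-transform',
  'must-understand', 'immutable', 'stale-while-revalidate', 'stale-if-error']);

// Split a Cache-Control value into Map(directive -> argument | true).
// Quoted arguments that contain commas are not handled in this sketch.
function parseCacheControl(value) {
  const directives = new Map();
  for (const part of String(value || '').split(',')) {
    const [name, ...arg] = part.trim().split('=');
    if (name) directives.set(name.toLowerCase(), arg.length ? arg.join('=') : true);
  }
  return directives;
}

// Audit the headers of a response to a page that requires login.
function auditAuthenticatedResponse(headers) {
  const lower = {};
  for (const [k, v] of Object.entries(headers)) lower[k.toLowerCase()] = v;
  const cc = parseCacheControl(lower['cache-control']);
  const findings = [];
  if (!cc.has('no-store')) {
    // no-cache alone only demands revalidation; a copy may still be kept.
    findings.push({ code: 'missing-no-store', detail: 'response may be stored' });
  }
  if (cc.has('public')) {
    findings.push({ code: 'shared-cacheable', detail: 'shared caches may store it' });
  }
  for (const name of cc.keys()) {
    if (!KNOWN.has(name)) {
      findings.push({ code: 'unknown-directive', detail: `"${name}" is ignored by caches` });
    }
  }
  return findings;
}

// Constructed sample responses, keyed by a label for the report.
const SAMPLES = {
  misspelled: { 'Cache-Control': 'nocache, no-store, max-age=0, must-revalidate' },
  correct: { 'Cache-Control': 'no-cache, no-store, max-age=0, must-revalidate' },
  revalidateOnly: { 'Cache-Control': 'private, max-age=0' },
  unset: {},
};
for (const [label, headers] of Object.entries(SAMPLES)) {
  console.log(label, auditAuthenticatedResponse(headers).map((f) => f.code));
}
```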