back button takes the user back to protected page after logout -zend framework

这一生的挚爱 提交于 2019-12-25 04:35:22

问题


I have created a pages login , logout to access a control panel scenario goes like this: user logs in and accesss the cpanel page and them logs out Problem : when login is done if user click on browser back button user goes back to login page even though authentication is done and sessions are set, at the same time if user logout , and click back button it will return back to control panel page (if user refresh the page then everything seems to be fine and usr will be redirected to login and back button won't redirect her to cpanel ) .

The problem is browser cache , I tried with both php header and html meta to prevent the page from caching but I could not succeed . Any solution to this?

My logout action code is as follow

public function logoutAction()
      {   
         $auth=Zend_Auth::getInstance();
      //If logged in then move to index
         if(!$auth->hasIdentity()){
           $this->_redirect('admin/account/redirect');

      }
         $auth->clearIdentity();
      $this->_redirect('admin/account/redirect');

   }   

回答1:


You could always run a piece of javascript onLoad that requests another PHP page using AJAX and then if the user is logged in then redirect them back to the CPanel or Login page, wherever they are supposed to be.

JQuery post would handle this quite nicely. http://api.jquery.com/jQuery.post/




回答2:


Browsers can behave differently, so what browser are you using?

Also, why bother checking if the user has an identity when logging out? Just clear the identity regardless of whether the user is logged in or not - less code, the better...

My logout code looks like:

    $auth = Zend_Auth::getInstance();
    $auth->clearIdentity();
    $this->_redirect('/identity/login');



回答3:


This is what I have in my logout action

Zend_Session::destroy();
$this->_helper->redirector('index', 'index');

And since the Zend_Auth identity is saved in a session, it gets destroyed as well. If I do a back (from the navigator) the absence of identiy is catched and I am redirected to the login screen




回答4:


The method I would use is force the login page to take place in a new window instance. When the user logs out, close that window. There will be nothing to go back to.

The alternative is to use sessions and do a POST every time the user moves to a new page. Hitting the back button here would require the content to be POSTed again, but the session would be closed and the request would fail.



来源:https://stackoverflow.com/questions/5251110/back-button-takes-the-user-back-to-protected-page-after-logout-zend-framework

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!