Prevent user access to the previous page using the back button after logging out

Question

Prevent user access to the previous page using the back button after logging out

Using the phoenix framework, how can I stop a user from accessing previous pages after he logs out and clicks the "Back to back" button?

+4

elixir phoenix-framework logout

Luis angel Nov 05 '15 at 20:19

source share

1 answer

Patrick Oscity · Accepted Answer · 2015-11-06T05:42:08+0000

The browser can access the page because by default it is allowed to cache the response. If you want to prevent this, you need to set the appropriate HTTP headers on pages that require authentication, on this similar issue :

Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: 0

You can do it in plug

defmodule MyApp.PreventCaching do
  import Plug.Conn

  def init(options) do
    options
  end

  def call(conn, _opts) do
    conn
    |> put_resp_header(conn, "cache-control", "no-cache, no-store, must-revalidate")
    |> put_resp_header(conn, "pragma", "no-cache")
    |> put_resp_header(conn, "expires", "0")
  end
end

( ) ,

plug MyApp.PreventCaching

Prevent user access to the previous page using the back button after logging out

More articles: