Prevent login via the browser's back button after logging out in Laravel 5

I am new to Laravel 5 and trying to make a simple authentication page. My problem is that I can log out correctly after I click the logout link, but if I click the back button in the browser, I can still see the contents of the page, which should not really be visible given my middleware process. I read that I can prevent this by disabling caching, but I don't think this is the best way to do this, so how can this be improved? This is my logout route:

    Route::get('logout', array('uses' => 'LoginController@logout'));

Logout function:

    public function logout()
    {
        Auth::logout();   // log the user out
        Session::flush(); // clear all session data
        Redirect::back(); // return value is discarded, so this has no effect
        return Redirect::to('pages/login'); // redirect back to login
    }
+11
5 answers

When the user clicks the back button, they really aren't logged in; it is only the browser displaying what it cached from previous page views. The user will not be able to navigate to or interact with anything that requires them to be logged in, because for your application on the server they are not authenticated.

When the user presses the back button, you have no control over this, as it does not make a request to the server.

Using the back button, the only content that they can view is what they already visited while logged in. If they try to access something new, they will make a new request to your application, and your middleware will be called and redirect them to the login page.

I think if you really wanted to stop this behavior, you could use some kind of JavaScript, such as sending an AJAX request, to check if the user is registered in this way, but that is completely useless from a security point of view.

+23

This solution works! Create a middleware using artisan.

    php artisan make:middleware RevalidateBackHistory

In the RevalidateBackHistory middleware, we set the headers to no-cache and revalidate.

    <?php

    namespace App\Http\Middleware;

    use Closure;

    class RevalidateBackHistory
    {
        /**
         * Handle an incoming request.
         *
         * @param  \Illuminate\Http\Request  $request
         * @param  \Closure  $next
         * @return mixed
         */
        public function handle($request, Closure $next)
        {
            $response = $next($request);

            // "no-cache" must be hyphenated; a misspelled directive is ignored by browsers.
            return $response->header('Cache-Control', 'no-cache, no-store, max-age=0, must-revalidate')
                ->header('Pragma', 'no-cache')
                ->header('Expires', 'Fri, 01 Jan 1990 00:00:00 GMT');
        }
    }

Update the application's route middleware in Kernel.php:

    protected $routeMiddleware = [
        // ...
        'revalidate' => \App\Http\Middleware\RevalidateBackHistory::class,
        // ...
    ];

And that's all! So basically you just need to call the revalidate middleware for routes that require user authentication.

+27

Step 1: create a middleware using the following command:

    php artisan make:middleware PreventBackHistory

Step 2: replace the contents of PreventBackHistory.php with the following:

    <?php

    namespace App\Http\Middleware;

    use Closure;

    class PreventBackHistory
    {
        /**
         * Handle an incoming request.
         *
         * @param  \Illuminate\Http\Request  $request
         * @param  \Closure  $next
         * @return mixed
         */
        public function handle($request, Closure $next)
        {
            $response = $next($request);

            return $response->header('Cache-Control', 'no-cache, no-store, max-age=0, must-revalidate')
                ->header('Pragma', 'no-cache')
                ->header('Expires', 'Sun, 02 Jan 1990 00:00:00 GMT');
        }
    }

Step 3: register the middleware in the Kernel.php file:

    'preventBackHistory' => \App\Http\Middleware\PreventBackHistory::class,

And good to go :)

+9
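
To check that headers set by a middleware like the ones in the answers above reach the browser in a usable form, here is an added example (not code from any of the answers; the function names and header samples are constructed for illustration). It parses a Cache-Control value and reports gaps, including misspelled directives that browsers silently ignore.

```python
# Added example: audit the caching headers of an authenticated response.
# Directive names recognised by caches (RFC 9111 and common extensions).
KNOWN = {"no-store", "no-cache", "must-revalidate", "proxy-revalidate",
         "max-age", "s-maxage", "private", "public", "no-transform",
         "immutable", "must-understand", "stale-while-revalidate",
         "stale-if-error"}


def parse_cache_control(value):
    """Split a Cache-Control value into {directive: argument-or-None}."""
    directives = {}
    for part in value.split(","):
        part = part.strip()
        if not part:
            continue
        name, _, arg = part.partition("=")
        directives[name.strip().lower()] = arg.strip().strip('"') or None
    return directives


def audit(headers):
    """Return a list of findings for one response's headers (dict)."""
    lowered = {k.lower(): v for k, v in headers.items()}
    cc = parse_cache_control(lowered.get("cache-control", ""))
    findings = []
    for name in cc:
        if name not in KNOWN:
            findings.append(f"unknown directive '{name}' is ignored")
    if "no-store" not in cc:
        findings.append("missing no-store: browser may keep a copy of the page")
    if "no-cache" not in cc and cc.get("max-age") != "0":
        findings.append("stored copy may be reused without revalidation")
    return findings


if __name__ == "__main__":
    # Constructed sample header sets, as a client would see them.
    samples = {
        "hardened": {"Cache-Control": "no-cache, no-store, max-age=0, must-revalidate"},
        "typo": {"Cache-Control": "nocache, no-store, max-age=0, must-revalidate"},
        "cacheable": {"Cache-Control": "private, max-age=600"},
    }
    for label, hdrs in samples.items():
        print(label, audit(hdrs) or "ok")
```

Feed it the headers captured from a protected route while logged in (for example from `curl -I` with a session cookie); an empty list means the response asks the browser not to store or reuse the page.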

The method I used was to simply redirect to the previous page after logging out. As long as the previous page is protected, the auth middleware is activated and redirects you back to the login page. Now when you click the back button, the previous page is no longer cached and you just get the login page again.

Original discussion: https://laracasts.com/discuss/channels/requests/back-button-browser

    public function logout()
    {
        Auth::logout(); // log the user out
        return redirect(\URL::previous());
    }
+5

Try redirecting to a secure route using auth:

    return redirect('home');

so that it redirects to the login page, and the back button does not display the previous page.

0

Source: https://habr.com/ru/post/986806/

