I have Devise configured in my web application. I have a problem with the following workflow:
To access the admin panel I need to log in. After that I navigate to the admin panel of my web app normally. When I click logout it redirects me to the root page, which is the behavior I want so far.
The strange thing starts when, on this page and after the above actions, I click the browser's back button, which shows me the cached last page I was on. My session has been destroyed, because if I click refresh it redirects me and tells me to log in to access the page, but I don't want to be able to see the last history page of the browser.
How is this possible and what can I do to prevent it? It has to do with browser caching, right? Is the only way to fix it to remove the caching from the logged-in pages to prevent this behavior? How can I do that?
It happens because your browser cached the page on the client. The solution is to prevent the caching of that page (or pages) by forcing the browser to request a new page even when pressing the Back button, instead of reading the saved one.
You can't prevent someone from using the back button. You need a redirect on your login page or an error message right before the user session is set if they are logged in. Now if the user presses back, they simply go to the homepage and no logic is run.
You want to set the headers of your page to prevent caching. You can do that like so:
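```ruby
# In the controller whose pages must not be cached (e.g. ApplicationController).
# On Rails 4 and later use before_action; before_filter was removed in Rails 5.1.
before_filter :set_cache_buster

def set_cache_buster
  # "no-store" tells the browser not to keep a copy of the response at all.
  response.headers["Cache-Control"] = "no-cache, no-store, max-age=0, must-revalidate"
  # Pragma and a past Expires date cover HTTP/1.0 caches.
  response.headers["Pragma"] = "no-cache"
  response.headers["Expires"] = "Fri, 01 Jan 1990 00:00:00 GMT"
end
```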
Credit goes to the first response of this thread.
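The same three headers can also be applied in one place for the whole logged-in area instead of per controller. The following is an added example, not code from this thread or from Devise: a Rack-style middleware in plain Ruby that goes beyond the controller filter above by overriding any cacheable header set downstream. The `/admin` prefix, the class name and the sample app are assumptions.

```ruby
# Added example (not from the thread): Rack-style middleware in plain Ruby.
# The "/admin" prefix and SAMPLE_APP are assumptions made for illustration.
class NoStoreForPrivatePages
  NO_STORE = {
    "cache-control" => "no-cache, no-store, max-age=0, must-revalidate",
    "pragma"        => "no-cache",
    "expires"       => "Fri, 01 Jan 1990 00:00:00 GMT"
  }.freeze

  def initialize(app, prefixes: ["/admin"])
    @app = app
    @prefixes = prefixes
  end

  def call(env)
    status, headers, body = @app.call(env)
    return [status, headers, body] unless private_path?(env["PATH_INFO"].to_s)

    # Remove caching headers set downstream, whatever their letter case,
    # so a stray "Cache-Control: public" cannot survive next to ours.
    cleaned = headers.reject { |name, _| NO_STORE.key?(name.downcase) }
    [status, cleaned.merge(NO_STORE), body]
  end

  private

  # Match on whole path segments: "/admin" and "/admin/users" are private,
  # "/administrator" is not.
  def private_path?(path)
    @prefixes.any? { |p| path == p || path.start_with?("#{p}/") }
  end
end

# Constructed downstream app that marks every page as publicly cacheable.
SAMPLE_APP = lambda do |env|
  [200,
   { "Content-Type" => "text/html", "Cache-Control" => "public, max-age=3600" },
   ["page for #{env['PATH_INFO']}"]]
end

# Helper for the demo: response headers for a GET to +path+.
def headers_for(path, app = NoStoreForPrivatePages.new(SAMPLE_APP))
  _status, headers, _body = app.call({ "REQUEST_METHOD" => "GET", "PATH_INFO" => path })
  headers
end

puts headers_for("/admin/users")["cache-control"]
puts headers_for("/")["Cache-Control"]
```

In a Rails app a middleware like this is registered with `config.middleware.use`; pages outside the listed prefixes keep whatever caching policy the app set.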
You can attempt to tell the browser not to cache stuff but that's what it is - an attempt.
If they viewed the page previously there is little you can do to enforce not being able to see the page again - it is somewhat out of your control at that point.
For instance, they can download the HTML of the page (which is what they are doing when they view the page) and you also can't stop them from taking, say, a screenshot.
That said, browser caching will work in some (most?) cases; refer to Michael Frederick's answer.