 

Easiest way to prevent the back button of your browser from showing secure data after a user logs out?

In a normal web app w/ login and secure data, what is an easy way to secure that data and prevent it from being seen by using the browser's back button, once a user logs out?

derick asked Oct 17 '08 03:10



3 Answers

Here's a useful browser caching guide.

You want to set the cache-control and expiration date headers (setting a date in the past), e.g.

 Cache-Control: no-cache
 Expires: Thu, 31 Dec 1998 12:00:00 GMT

Wedge answered Sep 28 '22 18:09


Cache control headers (Expires, Cache-Control, ETag) will generally prevent the caching of the page, forcing the browser to request a new copy at which point you can check the session status. They are sometimes ignored in the interests of "performance" though.

There are two JavaScript approaches that could help you:

  • Use the exit event from your page (onSubmit for forms or onUnload for other pages) to clear the content when leaving pages.
  • Use document.location.replace() instead of normal links when moving between pages so as not to leave a trail in the browser history that the user could return to.

Both of these are likely to have a pretty horrid effect on usability though.

Bell answered Sep 28 '22 17:09
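
What the two answers above describe (headers that keep the browser from holding a copy, plus a session check when the page is requested again), as an added example that is not part of either answer. The session store, the `sid` cookie, the routes and all function names are assumptions, and it uses `Cache-Control: no-store`, a stricter directive than the `no-cache` shown above.

```javascript
// Added example; sessions, NO_STORE, handle, send and demo are hypothetical names.
const sessions = new Map(); // server-side store: session id -> user

// Sent on every response of the protected app. "no-store" tells the browser
// not to keep a copy at all; "no-cache" alone still permits a stored copy,
// which a browser may redisplay on Back without asking the server.
const NO_STORE = {
  'Cache-Control': 'no-store',
  'Pragma': 'no-cache', // for HTTP/1.0 caches
  'Expires': '0',       // invalid date, treated as already expired
};

function sessionId(req) {
  const m = /(?:^|;\s*)sid=([^;]+)/.exec(req.headers.cookie || '');
  return m ? m[1] : null;
}

// Returns {status, headers, body} for one request.
function handle(req) {
  const sid = sessionId(req);
  if (req.url === '/logout') {
    sessions.delete(sid); // invalidate on the server, not only the cookie
    return { status: 302, body: '', headers: { ...NO_STORE, Location: '/login',
      'Set-Cookie': 'sid=; Max-Age=0; Path=/; HttpOnly' } };
  }
  const user = sid ? sessions.get(sid) : undefined;
  if (!user) {
    // A Back-button re-request after logout ends up here.
    return { status: 302, body: '', headers: { ...NO_STORE, Location: '/login' } };
  }
  return { status: 200, body: `Account data for ${user}`,
    headers: { ...NO_STORE, 'Content-Type': 'text/plain' } };
}

// Adapter for Node: http.createServer((req, res) => send(res, handle(req)))
function send(res, out) {
  res.writeHead(out.status, out.headers);
  res.end(out.body);
}

// Constructed demo: view a page, log out, then replay the old cookie.
function demo() {
  sessions.set('s1', 'alice');
  const req = (url) => ({ url, headers: { cookie: 'theme=dark; sid=s1' } });
  return ['/account', '/logout', '/account'].map((u) => handle(req(u)).status);
}
```
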


There is no perfect solution

Although there are some very reasonable solutions to this (cache control headers, JavaScript, etc.), you need to realise that once you have sent something to a client, it is out of your control. You cannot guarantee that the client will treat the data in the way you would like.

For example:

  • there could be a bug in a browser
  • a browser might allow users to turn off cache control
  • a user might be running with JavaScript disabled

Sorry :(

AJ. answered Sep 28 '22 16:09