Logo Questions Linux Laravel Mysql Ubuntu Git Menu

How to handle back button using spring security

I am using spring security and i was wondering how to solve this back button or problem of the browsers.

The thing is that after i login , when i click the back button . I am coming to the login page again. It would be very good if even on clicking the back button you stay in the logged in home page only.

Same must be if i am logged out it should not be like when i click the back button i am again in the logged in home page. I am not sure what to do to solve this. I know browser caches the pages but When i use standard website like facebook or yahoo , looks like there is already some solution for it. Any direction or info will be very helpful.?

like image 662
Saurabh Kumar Avatar asked Mar 22 '23 20:03

Saurabh Kumar

2 Answers

Part of you problem comes from browser cache. You can disable it in multiple ways:

  • Configure Spring MVC interceptor for all your pages:

            <mvc:mapping path="/**/*"/>
            <bean id="webContentInterceptor" class="org.springframework.web.servlet.mvc.WebContentInterceptor">
                <property name="cacheSeconds" value="0"/>
                <property name="useExpiresHeader" value="true"/>
                <property name="useCacheControlHeader" value="true"/>
                <property name="useCacheControlNoStore" value="true"/>
  • Call response methods:
    response.setHeader("Pragma", "no-cache");
    response.setHeader("Cache-Control", "no-cache");
    response.setDateHeader("Expires", 0);
  • Add meta tags to corresponding pages:
    <meta http-equiv="Pragma" content="no-cache">
    <meta http-equiv="Cache-Control" content="no-cache">
    <meta http-equiv="Expires" content="Sat, 01 Dec 2001 00:00:00 GMT">
like image 66
Maksym Demidas Avatar answered Apr 06 '23 12:04

Maksym Demidas

Did you try the built-in cache control of Spring Security:

public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

   protected void configure(HttpSecurity http) throws Exception {
      // ...
like image 41
dur Avatar answered Apr 06 '23 10:04