Prevent the back action after logout

Question

After logout if i press the back button in the browser, it should not show the previous page, it has to go to default page (login page only).

So i have tried in many ways(ruby on rails application) like "history.forward()" ,"onbeforeunload", expire cache in meta tag, "http://www.brookebryan.com/ back button detection" so many .. i am very confused.

can anyone suggest a solution?

Answer 1

What you have to do is disable the browser-caching so that it wont return the cached page after you logout from the page. You can do that by setting the response-header to avoid caching in application controller. How?

in 'application_controller.rb' .....

before_filter :set_no_cache

def set_no_cache
  response.headers["Cache-Control"] = "no-cache, no-store, max-age=0, must-revalidate"
  response.headers["Pragma"] = "no-cache"
  response.headers["Expires"] = "Fri, 01 Jan 1990 00:00:00 GMT"
end

As mentioned in this answer: https://stackoverflow.com/a/748646

Answer 2

You can't do this and for a very good reason. If it were possible to disable the back button then malicious sites would all do it to stop you from getting away. Disallowing basic functionality for your users is never a good idea anyway.

Saying all that, you can discourage the use of the back button. If you make your logout button POST a form and then respond to the POST directly (rather than redirecting) then the user will see a warning from the browser asking them if they want to re-POST the form.

I suppose another trick would be for your page (the one you don't want the user to be able to go back to) to make an AJAX request on-load to the server. If the response from that subrequest indicates that the user is no longer logged in, then your javascript could bounce the user to another page.

All this seems like a waste of time to me though, to be honest.