amazinghilt.blogg.se

Clear browser history after logout















If I'm not mistaken, we would need a new standard HTTP header to tell the browser "this is disconnection, clear everything now". I think /u/notdedicated's bypass solution would work, but it means sacrificing the cache for all authenticated pages, which is a bit extreme. Even with browsing limited to a page or two, it can allow a third party to access information they shouldn't. I have also tried it with classic PHP/HTML, InertiaJS & SPA.

Client-side it's actually quite a big security problem that /u/Environmental-Put358 found there. I just confirmed it by terminating the server before clicking the back button.


It's purely the browser-side cache: it can happen even without server-side code being executed. As long as you’re properly logging out the user, then it’s just an aesthetic issue if the user can go back to the previous page and see that content. There’s a lot there, but it covers things like protecting routes and logging out users.

As for the browser back button, there’s a JavaScript way of dealing with it, but I’ll let you go down that rabbit hole since it depends on what type of frontend you’re working with (MPA/SPA, Vue.js, etc.).


Read through this part of the documentation: Laravel comes with these middleware out of the box when you create a new project.


Have your home page (or whatever page the user is taken to after login) use the “auth” middleware (App\Http\Middleware\Authenticate by default) which will check if there’s a user (according to some guard, such as the SessionGuard which checks the session store). If there’s no user, then it redirects to the login route (by default). The login route would use the “guest” middleware (App\Http\Middleware\RedirectIfAuthenticated by default) which should use the same guard as “auth”. This middleware will redirect to the home page if there’s a user, thus preventing an already logged in user from logging in again.

As long as you’re destroying the user’s session when they log out, these middleware should do the trick.
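
The cache trade-off discussed above, as an added example that is not part of the original page or of any commenter's post: a Laravel middleware that marks responses rendered for a logged-in user as non-storable, so the back button has no cached copy to show after logout. The class name `PreventAuthenticatedPageCaching` and the `/dashboard` route are hypothetical, and applying it next to “auth” is an assumption about how the routes are grouped.

```php
<?php

namespace App\Http\Middleware;

use Closure;
use Illuminate\Http\Request;
use Symfony\Component\HttpFoundation\Response;

// Hypothetical middleware, not shipped with Laravel. Register it on the
// same routes that use "auth", for example in routes/web.php:
//
//   Route::middleware(['auth', PreventAuthenticatedPageCaching::class])
//       ->group(function () {
//           Route::get('/dashboard', ...); // hypothetical route
//       });
class PreventAuthenticatedPageCaching
{
    public function handle(Request $request, Closure $next): Response
    {
        $response = $next($request);

        // Only responses produced for an authenticated user are affected,
        // so public pages keep their normal caching behaviour.
        if ($request->user() !== null) {
            // no-store: the browser and any intermediary must not keep a
            // copy, which is the cost the thread calls "sacrificing the cache".
            $response->headers->set('Cache-Control', 'no-store, private');
            // Legacy equivalents for HTTP/1.0 caches and older clients.
            $response->headers->set('Pragma', 'no-cache');
            $response->headers->set('Expires', '0');
        }

        return $response;
    }
}
```

This only controls what the browser keeps; the session still has to be destroyed server-side on logout so that any re-request of the page is redirected by the “auth” middleware.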














