Support the ongoing development of Laravel.io →
Authentication Security
Last updated 2 years ago.
0

Everything works fine,except that if the user logs out and then uses the back button in the browser he/she is back into the program with full powers. This is BAD.

Try actually using that power for anything. Click any link that requires you to be logged in to access and the auth filter should kick in.

Last updated 2 years ago.
0

In your filter.php file .. Use this ...

App::after(function($request, $response) {
$response->headers->set('Cache-Control','nocache, no-store, max-age=0, must-revalidate'); $response->headers->set('Pragma','no-cache'); $response->headers->set('Expires','Fri, 01 Jan 1990 00:00:00 GMT'); });

Last updated 2 years ago.
0

I would recommend to modift what @Amit5291 suggested. Doing exactly what he noted will invalidate cache every page request and is not something you wanna do.

Insted do it only for your logout route.

Change your ..routes.php to apply the invalidate-browser-cache filter

Route::get('logout','UserController@logout')->after('invalidate-browser-cache');

Add this to your ..filters.php

Route::filter('invalidate-browser-cache', function($request, $response)
{
    $response->headers->set('Cache-Control','nocache, no-store, max-age=0, must-revalidate'); 
    $response->headers->set('Pragma','no-cache'); 
    $response->headers->set('Expires','Fri, 01 Jan 1990 00:00:00 GMT');
});
Last updated 2 years ago.
0

Not best way but its work for me. Don't directly redirect to login when user logout. Refresh or redirect current page(dashboard). When refresh current page its will automatically redirect to login because of filter and browser can't remember your *** dashboard *** page.

...
public function logout() {
    Auth::logout();
    return Redirect::to('dashboard');
} // logout() {ends}
...

Sorry for my english .

Last updated 2 years ago.
0

Sign in to participate in this thread!

Eventy

Your banner here too?

ralvez ralvez Joined 22 Mar 2014

Moderators

We'd like to thank these amazing companies for supporting us

Your logo here?

Laravel.io

The Laravel portal for problem solving, knowledge sharing and community building.

© 2024 Laravel.io - All rights reserved.