I am trying to clear the browser cache when a user logs out. I implemented LogoutSuccessHandlerInterface to provide the onLogoutSuccess method. There is no error, but after I log out I can press the browser's back button and see my profile page. If I refresh this page, I am automatically redirected, so I am correctly logged out.
security.yml
    logout:
        path: /logout
        target: /
        invalidate_session: true
        success_handler: project_user.handler.logout_handler
services.yml
    project_user.handler.logout_handler:
        class: Project\UserBundle\Handler\LogoutHandler
Project/UserBundle/Handler/LogoutHandler.php
    <?php
    namespace Project\UserBundle\Handler;

    use Symfony\Component\Security\Http\Logout\LogoutSuccessHandlerInterface;
    use Symfony\Component\HttpFoundation\Request;
    use Symfony\Component\HttpFoundation\RedirectResponse;

    class LogoutHandler implements LogoutSuccessHandlerInterface
    {
        public function onLogoutSuccess( Request $request )
        {
            $response = new RedirectResponse( '/' );
            $response->headers->addCacheControlDirective( 'no-cache', true );
            $response->headers->addCacheControlDirective( 'max-age', 0 );
            $response->headers->addCacheControlDirective( 'must-revalidate', true );
            $response->headers->addCacheControlDirective( 'no-store', true );
            return $response;
        }
    }
I tried this solution and it works perfectly, but the method is called for each request (many times for each page) and causes slowdowns. Please help!
thx
A method I have used with some success is simply to redirect to the previous page after logout. If the previous page was secured, your auth system will then redirect back to the login page. Now when you press the back button you should hit the login page again.
See my post here for an example in Laravel: https://laracasts.com/discuss/channels/requests/back-button-browser
Try this, works for me.
    <?php
    namespace YourBundle;

    use Symfony\Component\EventDispatcher\EventSubscriberInterface;
    use Symfony\Component\HttpKernel\KernelEvents;
    use Symfony\Component\HttpKernel\Event\FilterResponseEvent;

    class KernelSubscriber implements EventSubscriberInterface {
        public static function getSubscribedEvents() {
            return array(
                KernelEvents::RESPONSE => array(
                    array('clearBrowserCache', 434255),
                ),
            );
        }

        public function clearBrowserCache(FilterResponseEvent $event) {
            $response = $event->getResponse();
            $response->headers->addCacheControlDirective('no-cache', true);
            $response->headers->addCacheControlDirective('max-age', 0);
            $response->headers->addCacheControlDirective('must-revalidate', true);
            $response->headers->addCacheControlDirective('no-store', true);
        }
    }
services.yml
    kernel_subscriber:
        class: YourBundle\KernelSubscriber
        tags:
            - { name: kernel.event_subscriber }
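An added example, not code from either answer: cache directives on the logout redirect cannot evict the profile page the browser stored earlier, so they have to be sent with the protected pages themselves. This variant of the subscriber above skips sub-requests and requests that carry no session cookie; the class name, the session-cookie test and Symfony 2.4+ (for `isMasterRequest()`) are assumptions.

```php
<?php
// Added example (hypothetical class name), not part of the original posts.
namespace YourBundle;

use Symfony\Component\EventDispatcher\EventSubscriberInterface;
use Symfony\Component\HttpKernel\Event\FilterResponseEvent;
use Symfony\Component\HttpKernel\KernelEvents;

class PrivatePageCacheSubscriber implements EventSubscriberInterface
{
    public static function getSubscribedEvents()
    {
        return array(KernelEvents::RESPONSE => 'onKernelResponse');
    }

    public function onKernelResponse(FilterResponseEvent $event)
    {
        // kernel.response also fires for every sub-request (embedded
        // controllers), which is why a listener can run many times per page.
        // Only the master response carries the headers the browser sees.
        if (!$event->isMasterRequest()) {
            return;
        }

        // Assumption: a request that already carries a session cookie may
        // receive a personalised page. Anonymous responses stay cacheable.
        if (!$event->getRequest()->hasPreviousSession()) {
            return;
        }

        $headers = $event->getResponse()->headers;
        // no-store keeps the page out of the browser's cache, so the back
        // button has to ask the server again after logout.
        $headers->addCacheControlDirective('no-store', true);
        $headers->addCacheControlDirective('no-cache', true);
        $headers->addCacheControlDirective('must-revalidate', true);
        $headers->addCacheControlDirective('max-age', 0);
        // Pragma covers HTTP/1.0 caches that ignore Cache-Control.
        $headers->set('Pragma', 'no-cache');
    }
}
```

Register it with the `kernel.event_subscriber` tag, the same way as the `kernel_subscriber` service above.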