I have a laravel project where when I logout from the user I go to the login screen, but when going back to the previous page in browser I can acces the home page even if I have logged out. How can I fix it?
AuthController.php
public function logout()
{
\Auth::logout();
\Session::flush();
return redirect()->route('login');
}
}
UsersController.php (the home function that returns the home view)
public function home()
{
if (\Auth::user())
{
return view('users.home');
}
return redirect()->route('login');
}
web.php (the route)
Route::get('/home', ['middleware' => 'auth', 'as' => 'home','uses' => 'UsersController@home']);
The problem is the back button does not request anything from the server. It just loads the last known state of the page from the cache.
You can use this little bit of JavaScript to clear the browser's back button history:
history.go(-history.length); //Go to the first page in the back history.
window.location.href = '/login'; // Overwrite it with the page to actually go to.
Of course this may also annoy the user who will be losing their browsing session history.
An alternative which may work (though I have not tried it) is to tell the browser to not cache pages which require sign-in by setting the following header in those pages:
header("Cache-Control", "no-cache, no-store, must-revalidate");
However this will prevent any of those pages to be cached which may have an impact in performance.
Put in <head> in your login page.That will clear the cache and prevent back page.
<meta http-equiv="cache-control" content="private, no-store, no-cache, must-revalidate, max-age=0">
<meta http-equiv="pragma" content="no-cache">
<meta http-equiv="expires" content="0">
In your logout function, redirect like this:
return redirect()->to(Url::previous());
Now when you click the back button the previous page is no longer cached and you just get the login page again.