how to prevent the browser to go back page ?.
actually i wrote “before_filter :authorize” in every controller except
login_controller.rb
but after logout,If you click “Back Page” icon in browser ,then it will
go
to back page.(in that page i can’t activate any links,because it will
redirect_to
login page).
But in case of yahoo mails ,etc…,if we click “Back Page” icon in
browser
then it ll redirect_to login page.
like that ,how can i do in my rails project ?
No sure you can. I believe the back button is a feature of the browser
itself, so there is nothing you can do about it. But is it that bad?
People who logout have seem the content already.
On Nov 13, 11:32 am, Pokkai D. [email protected]
The browser is returning to a cached copy of the page. You can’t
completely prevent this, but you can send HTTP headers that encourage
the browser not to cache the request. Setting “Cache-Control: no-
cache” in the headers ought to do it.
Gwyn.
On Nov 13, 10:32 am, Pokkai D. [email protected]
Pokkai D. wrote:
how to prevent the browser to go back page ?.
actually i wrote “before_filter :authorize” in every controller except
login_controller.rbbut after logout,If you click “Back Page” icon in browser ,then it will
go
to back page.(in that page i can’t activate any links,because it will
redirect_to
login page).
But in case of yahoo mails ,etc…,if we click “Back Page” icon in
browser
then it ll redirect_to login page.like that ,how can i do in my rails project ?
Are you using a session variable? In my app when the user logs in a
session variable is set with the user id, then as they navigate around
within the site the controller has a before_filter veryifying their user
id is the same as the stored session id. That way when they log out the
session id gets set back to nothing and when they try to go back those
two id’s no longer match and they just get kicked back to the login
page. In this same way I can also insure that no user can access another
users account info
Right, but he is talking about cached versions of legitimately visited
pages hanging around in the browser cache after logout. This means the
requests are not even hitting rails so sessions make no difference.
Setting Cache-Control: no-cache, as was said before, is the best thing
you can do along with recommending the user close the browser after
logout. However, neither of these is a guarantee.
-Bill
Shandy N. wrote:
redirect_to
within the site the controller has a before_filter veryifying their user
id is the same as the stored session id. That way when they log out the
session id gets set back to nothing and when they try to go back those
two id’s no longer match and they just get kicked back to the login
page. In this same way I can also insure that no user can access another
users account info
–
Sincerely,
William P.
Gwyn Morfey wrote:
The browser is returning to a cached copy of the page. You can’t
completely prevent this, but you can send HTTP headers that encourage
the browser not to cache the request. Setting “Cache-Control: no-
cache” in the headers ought to do it.Gwyn.
On Nov 13, 10:32 am, Pokkai D. [email protected]
i don’t know.
but you can send HTTP headers that encourage
the browser not to cache the request. Setting “Cache-Control: no-
cache” in the headers ought to do it.
how to do it ?
This forum is not affiliated to the Ruby language, Ruby on Rails framework, nor any Ruby applications discussed here.
Sponsor our Newsletter | Privacy Policy | Terms of Service | Remote Ruby Jobs