Hello,
I have recently created an application in Rails which makes use of a
login and logout system. I have a user controller and model as well as a
login controller. My login controller performs my logout and login
functions. The user is a scaffold of my database table and is auto
generated from rails.
def process_login
#Creates the user with the form variables i have not included the
code
#here to create the user cause its not necessary
if logged_in_user
session[:user_id] = logged_in_user.id
flash[:notice] = ‘You have been logged in.’
redirect_to(:controller => ‘admin’, :action => “index”)
else
flash[:notice] = ‘Invalid user and or password combination’
redirect_to(:controller => ‘login’, :action => ‘index’)
end
end
def logout
session[:user_id] = nil
reset_session
flash[:notice] = ‘You have logged out successfully’
redirect_to(:controller => ‘login’, :action => ‘index’)
end
#This method is specified private in my ApplicationController
#which is inherited by my controllers
def authorize_access
if not session[:user_id]
flash[:notice] = “Please log in.”
redirect_to(:controller => ‘login’, :action => ‘index’)
return false
end
end
Basically in a nutshell this is my problem. A user clicks the logout
link which then directs him to the Login form through this command
redirect_to(:controller => ‘login’, :action => ‘index’) which works 100%
and it resets the session. HOWEVER when the user clicks the back button
it still shows him the users index page or the page the user logged out
from. Even after specifying the before_filter :authorize_access option
in my controllers. The interesting thing to note is This ONLY happens in
Firefox (they are able to click back and view the “protected page”) In
I.E this works 100%.
Anyone got ideas ?