Forum: Ruby on Rails Mozzila Logout back button issue

Announcement (2017-05-07): is now read-only since I unfortunately do not have the time to support and maintain the forum any more. Please see and for other Rails- und Ruby-related community platforms.
3a05ce21a2a2783330ed41cd7af65f63?d=identicon&s=25 Matthew Hodge (rubycodzor)
on 2007-07-20 12:10

I have recently created an application in Rails which makes use of a
login and logout system. I have a user controller and model as well as a
login controller. My login controller performs my logout and login
functions. The user is a scaffold  of my database table and is auto
generated from rails.

  def process_login
    #Creates the user with the form variables i have not included the
    #here to create the user cause its not necessary
    if logged_in_user
      session[:user_id] =
      flash[:notice] = 'You have been logged in.'
      redirect_to(:controller => 'admin', :action => "index")
      flash[:notice] = 'Invalid user and or password combination'
      redirect_to(:controller => 'login', :action => 'index')

  def logout
    session[:user_id] = nil
    flash[:notice] = 'You have logged out successfully'
    redirect_to(:controller => 'login', :action => 'index')

  #This method is specified private in my ApplicationController
  #which is inherited by my controllers
  def authorize_access
    if not session[:user_id]
      flash[:notice] = "Please log in."
      redirect_to(:controller => 'login', :action => 'index')
      return false

Basically in a nutshell this is my problem. A user clicks the logout
link which then directs him to the Login form through this command
redirect_to(:controller => 'login', :action => 'index') which works 100%
and it resets the session. HOWEVER when the user clicks the back button
it still shows him the users index page or the page the user logged out
from. Even after specifying the before_filter :authorize_access option
in my controllers. The interesting thing to note is This ONLY happens in
Firefox (they are able to click back and view the "protected page") In
I.E this works 100%.

Anyone got ideas ?
847c9da8d177dd26f815a53c7742b7be?d=identicon&s=25 Aurélien Bottazini (Guest)
on 2007-07-20 12:20
(Received via mailing list)
may be the webpage is cached in firefox?
If you try to refresh the webpage (after clicking the back button) what
3a05ce21a2a2783330ed41cd7af65f63?d=identicon&s=25 Matthew Hodge (rubycodzor)
on 2007-07-20 12:34
The page directs me to the logout if I refresh after clicking back or
try click any of the links in the admin page I logged out from. It looks
like the webpage is cached in firefox however even after clearing my
browsers cache, history and authenticated sessions this still happens

Do you have a suggestion on what I can try ?
3a05ce21a2a2783330ed41cd7af65f63?d=identicon&s=25 Matthew Hodge (rubycodzor)
on 2007-07-20 12:35
I meant to say it directs me to the Login Page if i refresh.....
This topic is locked and can not be replied to.