Hello, I have recently created an application in Rails which makes use of a login and logout system. I have a user controller and model as well as a login controller. My login controller performs my logout and login functions. The user is a scaffold of my database table and is auto generated from rails. def process_login #Creates the user with the form variables i have not included the code #here to create the user cause its not necessary if logged_in_user session[:user_id] = logged_in_user.id flash[:notice] = 'You have been logged in.' redirect_to(:controller => 'admin', :action => "index") else flash[:notice] = 'Invalid user and or password combination' redirect_to(:controller => 'login', :action => 'index') end end def logout session[:user_id] = nil reset_session flash[:notice] = 'You have logged out successfully' redirect_to(:controller => 'login', :action => 'index') end #This method is specified private in my ApplicationController #which is inherited by my controllers def authorize_access if not session[:user_id] flash[:notice] = "Please log in." redirect_to(:controller => 'login', :action => 'index') return false end end Basically in a nutshell this is my problem. A user clicks the logout link which then directs him to the Login form through this command redirect_to(:controller => 'login', :action => 'index') which works 100% and it resets the session. HOWEVER when the user clicks the back button it still shows him the users index page or the page the user logged out from. Even after specifying the before_filter :authorize_access option in my controllers. The interesting thing to note is This ONLY happens in Firefox (they are able to click back and view the "protected page") In I.E this works 100%. Anyone got ideas ?
on 2007-07-20 12:10
on 2007-07-20 12:20
may be the webpage is cached in firefox? If you try to refresh the webpage (after clicking the back button) what happens?
on 2007-07-20 12:34
The page directs me to the logout if I refresh after clicking back or try click any of the links in the admin page I logged out from. It looks like the webpage is cached in firefox however even after clearing my browsers cache, history and authenticated sessions this still happens Do you have a suggestion on what I can try ?
on 2007-07-20 12:35
I meant to say it directs me to the Login Page if i refresh.....