phpauthenticationlaravellaravel-5logout

Prevent Browser's Back Button Login After Logout in Laravel 5


I am new to Laravel 5 and trying to make a simple authentication page. My problem is i can logout properly after i click to logout link but if i click to back button of the browser, still able to see the content of the page which actually should not be seen with respect to my auth middleware process. I read i can prevent this by disabling caching but don't think it is the best way to do this so how can i make this in a better way ? Simply my logout route is

Route::get('logout', array('uses' => 'LoginController@logout'));

Logout function is:

public function logout() {
        Auth::logout(); // logout user
        Session::flush();
        Redirect::back();
        return Redirect::to('pages/login'); //redirect back to login
}

Solution

  • When the user clicks the back button they're not actually logged in, its just the browser rendering what it has cached from previous page views. The user won't be able to navigate or interact with anything that requires them to be logged in because, to your application on the server, they're not authenticated.

    When the user clicks the back button you have no control over that as it doesn't make a request to the server.

    Using the back button, the only content they'll be able to view is that what they have already visited whilst logged in. If they try to access anything new, they'll make a new request to your application, your middleware will trigger and redirect them to the login page.

    I guess if you really wanted to stop this behavior you could use some JavaScript and such to send an ajax request and check if the user is logged in that way, but quite useless from a security point of view.