How I Prevent Browser's Back Button Login After Logout


My problem is that I can log out properly after I click the logout link, but if I click the browser's back button I am still able to see the content of the page, which should not be visible with respect to my auth middleware process. I read that I can prevent this by disabling caching, but I don't think it is the best way to do this, so how can I do this in a better way? My logout function is:

public function logout()
{
    Auth::logout();
    Session::flush();
    return redirect('login');
}

My Route Is:

Route::get('logout','Homecontroller@logout');

Thanks in advance

6

There are 6 best solutions below

2
Jocke Med Kniven On

This problem is with the browser. The browser caches the content of the page and serves that cached content to the user when you are hitting the back button.

Set up cache-control meta tags on the pages that require a user to be logged in. That way you are telling the browser not to cache them.

E.g:

<meta http-equiv="cache-control" content="private, max-age=0, no-cache">
<meta http-equiv="pragma" content="no-cache">
<meta http-equiv="expires" content="0">
0
serdar.sanri On

Use a simple AJAX request on top of your page (something like a ping service), set cache false and put some clause in it to redirect visitor to login if not authenticated.

So after logout, if you try to go back even if the main page is cached by the browser it will still try to load AJAX request back on page load. And since user authentication is not valid anymore it will redirect the user back to the login page.
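
The ping check described in the answer above, as an added example that is not part of the original answer. It assumes a hypothetical `/auth/ping` endpoint behind the auth middleware (200 for a live session, 401 or a redirect to login otherwise) and hides the cached markup until the check passes.

```javascript
// Added example. ASSUMPTIONS: '/auth/ping' is a hypothetical endpoint protected
// by the auth middleware; '/login' is the login route used in the question.
const PING_URL = '/auth/ping';
const LOGIN_URL = '/login';

// fetchFn and redirect are injected so the logic can run outside a browser.
async function verifySession(fetchFn, redirect) {
  let response;
  try {
    response = await fetchFn(PING_URL, {
      method: 'GET',
      cache: 'no-store',          // never answer the ping from the HTTP cache
      credentials: 'same-origin', // send the session cookie
      redirect: 'manual',         // a redirect to the login page counts as logged out
      headers: { 'X-Requested-With': 'XMLHttpRequest', Accept: 'application/json' },
    });
  } catch (err) {
    // Session state could not be confirmed (e.g. network error): fail closed.
    redirect(LOGIN_URL);
    return 'redirected';
  }
  // Only an explicit 200 proves the session is still valid. 401, 419 and the
  // status 0 of a manually handled redirect all fall through to the login page.
  if (response.status === 200) return 'ok';
  redirect(LOGIN_URL);
  return 'redirected';
}

// Browser wiring. 'pageshow' fires on a normal load and also when the page is
// restored from the back/forward cache, where 'load' does not fire again.
if (typeof window !== 'undefined') {
  window.addEventListener('pageshow', async () => {
    const root = document.documentElement;
    root.style.visibility = 'hidden'; // do not show cached content before the check
    const result = await verifySession(
      window.fetch.bind(window),
      (url) => window.location.replace(url) // replace() drops this page from history
    );
    if (result === 'ok') root.style.visibility = '';
  });
}
```

This check only controls what the script shows; the cached response stays on the client unless the server also sends `Cache-Control: no-store` for authenticated pages.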

0
Nikhil G On

Add this JavaScript code; it will prevent the redirect.

history.pushState(null, null, document.URL);
window.addEventListener('popstate', function () {
    history.pushState(null, null, document.URL);
});
0
Rohit Dhiman On

This JavaScript code worked for me:

<script>
    // the previous page should be reloaded when the user navigates with the browser's back/forward buttons
    // for mozilla
    window.onunload = function(){};
    // for chrome
    if (window.performance && window.performance.navigation.type === window.performance.navigation.TYPE_BACK_FORWARD) {
        location.reload();
    }
</script>

Tested on Chrome Version 80.0.3987.122 (Official Build) (64-bit) and Firefox 73.0.1 (64-bit)

1
Ali Hassan On

Create a middleware using artisan

php artisan make:middleware RevalidateBackHistory

Within RevalidateBackHistory middleware, we set the header to no-cache and revalidate

<?php
namespace App\Http\Middleware;
use Closure;
class RevalidateBackHistory
{
    /**
    * Handle an incoming request.
    *
    * @param \Illuminate\Http\Request $request
    * @param \Closure $next
    * @return mixed
    */
    public function handle($request, Closure $next)
    {
        $response = $next($request);
        // 'no-cache' is the valid directive name; 'nocache' is not a recognized Cache-Control directive
        return $response->header('Cache-Control','no-cache, no-store, max-age=0, must-revalidate')
            ->header('Pragma','no-cache')
            ->header('Expires','Fri, 01 Jan 1990 00:00:00 GMT');
    }
}

Update the application’s route middleware in Kernel.php

protected $routeMiddleware = [
    // ...
    'revalidate' => \App\Http\Middleware\RevalidateBackHistory::class,
    // ...
];

And that’s all! So basically you just need to call revalidate middleware for routes which require user authentication.

1
Two On

Assuming you are already done with the Kernel and the middleware

In your controller, create a constructor, then add the auth middleware

public function __construct()
{
    $this->middleware('auth');
}

I hope this works for you