
Disable browser 'Back' button after logout?

I am using Python with Django. I want to redirect users to the login page when they click the back button after logout. How can I achieve this? Where should I write the code?

To test whether Django admin handles this, I logged into Django admin, logged out and then hit the back button, and I am able to see the previous page. Why does Django admin not handle this?

This is the code for logout in Django admin:

def logout(request):
    """
    Removes the authenticated user's ID from the request and flushes their
    session data.
    """
    request.session.flush()
    if hasattr(request, 'user'):
        from django.contrib.auth.models import AnonymousUser
        request.user = AnonymousUser()


Finally found the solution:

from django.http import HttpResponse
from django.views.decorators.cache import cache_control

@cache_control(no_cache=True, must_revalidate=True)
def func(request):
    # some code
    return HttpResponse()

This will force the browser to make a request to the server.


You may find you need to use @cache_control(no_cache=True, must_revalidate=True, no_store=True) in Chrome to fully stop any back button viewing.

The key thing being no_store for Chrome, as I found here 1


+1 for Digital Cake's answer! This solved the problem of backing up into cached pages after logout on Firefox as well. I tried:

@cache_control(no_cache=True, must_revalidate=True)

on my views with no luck. Per Digital Cake, tried:

@cache_control(no_cache=True, must_revalidate=True, no_store=True)

and now Firefox backs up to the login screen.


I know it's an old question, but the accepted answer did not work for me. I faced the same problem (using Django 1.8 & Chrome).

Finally, I found the solution from the docs (Django 1.7 or later). This will work for sure.

Just see the code below:

from django.contrib.auth.decorators import login_required
from django.shortcuts import render

@login_required(login_url='/login/')
def myview(request):
    # render() already returns an HttpResponse
    return render(request, 'path_to_your_view.html')

The @login_required decorator is used to handle the issue. You can check more in the docs.


The reason that you can see the admin page after you logged out and hit back is that you don't see the real page. Rather, you see a copy of it that is in your browser cache.

Try this:

  1. go to any admin page
  2. click "Logout"
  3. hit the "Back" button in your browser
  4. press F5 or click "Refresh" in your browser.

Now you will be redirected to the login page of the admin backend.


This is a cache problem.

You can use the cache_control decorator to force no cache on views:

from django.http import HttpResponse
from django.views.decorators.cache import cache_control

@cache_control(no_cache=True, must_revalidate=True, no_store=True)
def func(request):
    # some code
    return HttpResponse()

This will force the browser to make a request to the server.

More about cache_control


It depends on what kind of authentication system you are using. If you are using some kind of own implementation, you could write your own Middleware class that redirects unauthenticated users to the login page.

If you are using some library, check its docs for how it handles requests to secured pages from unauthenticated users.
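
An added example, not taken from any of the answers above or from Django itself: the cache_control decorator only protects the views it is attached to, so one way to cover every page is a Django-style middleware (1.10+ calling convention) that sets the same directives on each response served to a logged-in user. The class name, the stand-in request/user objects and the demo helper are hypothetical and constructed so the block runs without a Django project.

```python
# Added example. NoStoreForAuthenticatedMiddleware is a hypothetical name,
# not a class shipped with Django.

NO_STORE = "no-cache, no-store, must-revalidate"


class NoStoreForAuthenticatedMiddleware:
    """Mark every response served to a logged-in user as non-cacheable."""

    def __init__(self, get_response):
        self.get_response = get_response

    def __call__(self, request):
        # Read the login state before the view runs: a logout view replaces
        # request.user with an anonymous user while handling the request.
        user = getattr(request, "user", None)
        was_authenticated = bool(user is not None and user.is_authenticated)
        response = self.get_response(request)
        if was_authenticated:
            # Same directives as @cache_control(no_cache=True,
            # must_revalidate=True, no_store=True), applied site-wide.
            response["Cache-Control"] = NO_STORE
        return response


# --- Constructed stand-ins so the block runs without a Django project ---
class FakeUser:
    def __init__(self, is_authenticated):
        self.is_authenticated = is_authenticated


class FakeRequest:
    def __init__(self, user):
        self.user = user


def demo(is_authenticated, logs_out=False):
    """Return the response headers the middleware produces for one request."""
    def view(request):
        if logs_out:
            request.user = FakeUser(False)  # what a logout view does
        return {"Content-Type": "text/html"}  # dict mimics response[...] access

    middleware = NoStoreForAuthenticatedMiddleware(view)
    return middleware(FakeRequest(FakeUser(is_authenticated)))
```

In a real project the class would be listed in the MIDDLEWARE setting after the authentication middleware so that request.user is already populated. The headers only stop the browser from showing a stored copy; @login_required is still what denies the request on the server.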
