Disable browser 'Back' button after logout

Published 2020-02-26 12:45

Question:

I am using Python with Django. I want to redirect users to the login page when they click the back button after logout. How can I achieve this? Where should I write the code?

To test whether Django admin handles this, I logged into Django admin, logged out and then hit the back button, and I am able to see the previous page. Why does Django admin not handle this?

This is the code for logout in Django admin:

def logout(request):
    """
    Removes the authenticated user's ID from the request and flushes their
    session data.
    """
    request.session.flush()
    if hasattr(request, 'user'):
        from django.contrib.auth.models import AnonymousUser
        request.user = AnonymousUser()

Answer 1:

Finally found the solution:

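from django.http import HttpResponse
from django.views.decorators.cache import cache_control

# Sends "Cache-Control: no-cache, must-revalidate" with this view's response
@cache_control(no_cache=True, must_revalidate=True)
def func(request):
    # some code
    return HttpResponse()

This will force the browser to make a request to the server.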



Answer 2:

You may find you need to use @cache_control(no_cache=True, must_revalidate=True, no_store=True) in Chrome to fully stop any back button viewing.

The key thing being no_store for Chrome, as I found here 1



Answer 3:

The reason that you can see the admin page after you logged out and hit back is that you don't see the real page. Rather, you see a copy of it that is in your browser cache.

Try this:

  1. go to any admin page
  2. click "Logout"
  3. hit the "Back" button in your browser
  4. press F5 or click "Refresh" in your browser.

Now you will be redirected to the login page of the admin backend.



Answer 4:

+1 for Digital Cake's answer! This solved the problem of backing up into cached pages after logout on Firefox as well. I tried:

@cache_control(no_cache=True, must_revalidate=True)

on my views with no luck. Per Digital Cake, tried:

@cache_control(no_cache=True, must_revalidate=True, no_store=True)

and now Firefox backs up to the login screen.



Answer 5:

I know it's an old question, but the accepted answer did not work for me. I faced the same problem (using Django 1.8 & Chrome).

Finally, I found the solution from the docs (Django 1.7 or later). This will work for sure.

Just see the code below

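from django.contrib.auth.decorators import login_required
from django.shortcuts import render

# Unauthenticated requests are redirected to login_url instead of reaching the view
@login_required(login_url='/login/')
def myview(request):
    # render() already returns an HttpResponse
    return render(request, 'path_to_your_view.html')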

The @login_required decorator is used to handle the issue. You can check more in the docs.



Answer 6:

It depends on what kind of authentication system you are using. If you are using some kind of own implementation, you could write your own Middleware class that redirects unauthenticated users to the login page.

If you are using some lib, check its docs for how it handles requests to secured pages from unauthenticated users.
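
An added example, not part of any answer above and not Django's own code: the Cache-Control directives from Answers 2 and 4 applied once in a middleware, as Answer 6 suggests, instead of decorating every view. It assumes Django 1.10 or later (new-style middleware, `is_authenticated` as an attribute); the class name, the exempt prefixes and the `FakeRequest`/`demo` helpers are constructed for illustration.

```python
# Added example: Django-style middleware written against the duck-typed
# request/response interface, so the file also runs without Django installed.

NO_STORE = "no-cache, no-store, must-revalidate"


class NoStoreForAuthenticated:
    """Mark every response served to a logged-in user as non-storable."""

    # Assumption: public asset prefixes that may stay cacheable.
    exempt_prefixes = ("/static/", "/media/")

    def __init__(self, get_response):
        self.get_response = get_response

    def __call__(self, request):
        # Read the auth state BEFORE the view runs: the logout view replaces
        # request.user with AnonymousUser, and its response should not be
        # stored either.
        user = getattr(request, "user", None)
        was_authenticated = bool(getattr(user, "is_authenticated", False))

        response = self.get_response(request)

        if was_authenticated and not request.path.startswith(self.exempt_prefixes):
            # Overwrite rather than merge, so a view cannot weaken the policy.
            response["Cache-Control"] = NO_STORE
        return response


class FakeRequest:
    """Constructed stand-in for django.http.HttpRequest."""

    def __init__(self, path, authenticated):
        self.path = path
        self.user = type("User", (), {"is_authenticated": authenticated})()


def demo(path, authenticated):
    """Run the middleware over a constructed request; a dict stands in
    for HttpResponse, which supports the same header item assignment."""
    middleware = NoStoreForAuthenticated(lambda request: {})
    return middleware(FakeRequest(path, authenticated)).get("Cache-Control")


if __name__ == "__main__":
    for path, auth in [("/admin/", True), ("/admin/", False), ("/static/a.css", True)]:
        print(path, auth, demo(path, auth))
```

In a real project, list the class in `MIDDLEWARE` after `django.contrib.auth.middleware.AuthenticationMiddleware` so that `request.user` is already set when it runs.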