Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
By drupaltq on
The issue:
1. log out
2. click the "go back" button on the browser
3. previous visited pages show up (remember that it has been logged out)
Where I need help:
Even though one cannot make changes on these previous visited pages at this time, I simply don't like these pages to show up at all, instead, it should still show the log in page. Please note that I have set the session.cookie_lifetime to 0
, so it's not the "closing browser" issue. Please give suggestions.
Comments
Same issue
Can anyone give suggestions?
This is normal behaviour. The
This is normal behaviour. The only way I can think of to prevent a user from being able to go back to a previous page is if that page was only accessible to authenticated users - and even if that were the case, you'd have to prevent *all* previous pages in the session from being accessible.
Is it really a problem?
In certain cases, it is even dangerous...
This "go back after log out" behavior is normal if the web page/data were not confidential. However, when
there were confidential data on the logged in page, you don't want it behave like this.
For example, you were doing on-line banking on a public library computer, you done, you logged out, then somehow you forgot to close the browser, and you left the computer. Now someone came to this computer you just used, clicked the back button on the browser, guess what, all your account information are displayed, even though he/she can't change anything at this time( because indeed you logged out), but at least your information were completely exposed.
Can someone help to solve the drupal technical problem described in the example above?
The least of your worries.
If your using a public computer for confidential transactions the back button is the least of your worries. http://www.tokezone.net/safe/surf.htm If you absolutely have no other options install a Linux distro on a USB key and reboot the public machine. See http://www.ubuntu.com/desktop/get-ubuntu/download for an example. This cannot protect you from keyloggers though so please think twice before using any machine that is not under your direct control for stuff like online banking or cc purchases.
If you are curious about what the browser knows about you this... https://addons.mozilla.org/en-US/firefox/addon/2489/ (or even about:cache) will prove interesting. ;-7
Back buton after logout
I am also having same issue found something at Here
previous visited pages show up after logout
some one help...????
This can be prevented by
This can be prevented by setting a header of 'Cache-control: no-save'.
There are several ways to do this, e.g., in apache config, .htaccess, or PHP. In a Drupal module, it would be:
drupal_add_http_header('Cache-Control', 'no-cache, no-store, max-age=0, must-revalidate, post-check=0, pre-check=0');
last page information displayed after logout.
Hello All,
Any one having any solution for this problem.
Last page get display and we refresh it then login window display because that user is loged-in system.
We can handle this by sending the ajax call for loing check but which condition we handle this.
Thank in advance.
SomShine
For Drupal 8 you can follow
For Drupal 8 you can follow this link "https://www.drupal.org/project/logout_redirect" to solve this issue.