how to prevent the browser to go back page ?. actually i wrote "before_filter :authorize" in every controller except login_controller.rb but after logout,If you click "Back Page" icon in browser ,then it will go to back page.(in that page i can''t activate any links,because it will redirect_to login page). But in case of yahoo mails ,etc...,if we click "Back Page" icon in browser then it ll redirect_to login page. like that ,how can i do in my rails project ? -- Posted via http://www.ruby-forum.com/. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---
No sure you can. I believe the back button is a feature of the browser itself, so there is nothing you can do about it. But is it that bad? People who logout have seem the content already. On Nov 13, 11:32 am, Pokkai Dokkai <rails-mailing-l...-ARtvInVfO7ksV2N9l4h3zg@public.gmane.org> wrote:> how to prevent the browser to go back page ?. > > actually i wrote "before_filter :authorize" in every controller except > login_controller.rb > > but after logout,If you click "Back Page" icon in browser ,then it will > go > to back page.(in that page i can''t activate any links,because it will > redirect_to > login page). > But in case of yahoo mails ,etc...,if we click "Back Page" icon in > browser > then it ll redirect_to login page. > > like that ,how can i do in my rails project ? > -- > Posted viahttp://www.ruby-forum.com/.--~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---
The browser is returning to a cached copy of the page. You can''t completely prevent this, but you can send HTTP headers that encourage the browser not to cache the request. Setting "Cache-Control: no- cache" in the headers ought to do it. Gwyn. On Nov 13, 10:32 am, Pokkai Dokkai <rails-mailing-l...-ARtvInVfO7ksV2N9l4h3zg@public.gmane.org> wrote:> how to prevent the browser to go back page ?. > > actually i wrote "before_filter :authorize" in every controller except > login_controller.rb > > but after logout,If you click "Back Page" icon in browser ,then it will > go > to back page.(in that page i can''t activate any links,because it will > redirect_to > login page). > But in case of yahoo mails ,etc...,if we click "Back Page" icon in > browser > then it ll redirect_to login page. > > like that ,how can i do in my rails project ? > -- > Posted viahttp://www.ruby-forum.com/.--~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---
Pokkai Dokkai wrote:> how to prevent the browser to go back page ?. > > actually i wrote "before_filter :authorize" in every controller except > login_controller.rb > > but after logout,If you click "Back Page" icon in browser ,then it will > go > to back page.(in that page i can''t activate any links,because it will > redirect_to > login page). > But in case of yahoo mails ,etc...,if we click "Back Page" icon in > browser > then it ll redirect_to login page. > > like that ,how can i do in my rails project ?Are you using a session variable? In my app when the user logs in a session variable is set with the user id, then as they navigate around within the site the controller has a before_filter veryifying their user id is the same as the stored session id. That way when they log out the session id gets set back to nothing and when they try to go back those two id''s no longer match and they just get kicked back to the login page. In this same way I can also insure that no user can access another users account info -- Posted via http://www.ruby-forum.com/. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---
Right, but he is talking about cached versions of legitimately visited pages hanging around in the browser cache after logout. This means the requests are not even hitting rails so sessions make no difference. Setting Cache-Control: no-cache, as was said before, is the best thing you can do along with recommending the user close the browser after logout. However, neither of these is a guarantee. -Bill Shandy Nantz wrote:> Pokkai Dokkai wrote: > >> how to prevent the browser to go back page ?. >> >> actually i wrote "before_filter :authorize" in every controller except >> login_controller.rb >> >> but after logout,If you click "Back Page" icon in browser ,then it will >> go >> to back page.(in that page i can''t activate any links,because it will >> redirect_to >> login page). >> But in case of yahoo mails ,etc...,if we click "Back Page" icon in >> browser >> then it ll redirect_to login page. >> >> like that ,how can i do in my rails project ? >> > > Are you using a session variable? In my app when the user logs in a > session variable is set with the user id, then as they navigate around > within the site the controller has a before_filter veryifying their user > id is the same as the stored session id. That way when they log out the > session id gets set back to nothing and when they try to go back those > two id''s no longer match and they just get kicked back to the login > page. In this same way I can also insure that no user can access another > users account info > >-- Sincerely, William Pratt --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---
Gwyn Morfey wrote:> The browser is returning to a cached copy of the page. You can''t > completely prevent this, but you can send HTTP headers that encourage > the browser not to cache the request. Setting "Cache-Control: no- > cache" in the headers ought to do it. > > Gwyn. > > > On Nov 13, 10:32 am, Pokkai Dokkai <rails-mailing-l...-ARtvInVfO7ksV2N9l4h3zg@public.gmane.org>i don''t know.> but you can send HTTP headers that encourage > the browser not to cache the request. Setting "Cache-Control: no- > cache" in the headers ought to do it.how to do it ? -- Posted via http://www.ruby-forum.com/. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---