Tony Puthenveettil
2009-Jan-29 05:39 UTC
Back button works even after logout - How to prevent?
Hi all,

In my web application, after logging out, if Back button of the browser is clicked, it takes to the previous logged in pages and allows all operations without logging in. The layout, however, doesn't change, but the yield pages.

Please help me prevent that back button operation after logout. Given below is my logout controller.

    #Controller
    def logout
      if session[:admin] || session[:user]
        reset_session
        flash[:notice] = 'Logged out successfully'
        redirect_to :controller => 'homes', :action => 'index'
      else
        flash[:error] = 'Not logged in'
      end
    end

Your prompt response is appreciated.
--
Posted via http://www.ruby-forum.com/.

You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group.
To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en
You can add a before_filter to your controllers to ensure that the user is logged in.

I use restful authentication (that provides the login_required method), and I let anyone see the index listing of a table, or a show of any individual record, but create, update, new, delete, etc, are all locked behind a logged in session.

    before_filter :login_required, :except => [:index, :show]
Julian Leviston
2009-Jan-29 11:10 UTC
Re: Back button works even after logout - How to prevent?
You need to protect all of your controllers with a before filter that redirects to login unless they're logged in.

Sent from my iPhone

On 29/01/2009, at 4:39 PM, Tony Puthenveettil <rails-mailing-list-ARtvInVfO7ksV2N9l4h3zg@public.gmane.org> wrote:
> Hi all,
> In my web application, after logging out, if Back button of the browser
> is clicked, it takes to the previous logged in pages and allows all
> operations without logging in. The layout, however, doesn't change, but
> the yield pages.
>
> Please help me prevent that back button operation after logout. Given
> below is my logout controller.
>
>     #Controller
>     def logout
>       if session[:admin] || session[:user]
>         reset_session
>         flash[:notice] = 'Logged out successfully'
>         redirect_to :controller => 'homes', :action => 'index'
>       else
>         flash[:error] = 'Not logged in'
>       end
>     end
>
> Your prompt response is appreciated.
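The filter both replies describe, as an added example that is not code from the thread. MiniController is a constructed stand-in for the Rails base class so the sketch runs without Rails, ArticlesController and its paths are hypothetical, and the no-store header goes beyond the replies to cover the cached copy the Back button redisplays.

```ruby
# Stand-in for a Rails controller base class (constructed for this example):
# just enough filter-chain plumbing to run outside Rails.
class MiniController
  Response = Struct.new(:status, :headers, :body)
  attr_reader :session, :headers

  def self.filters; @filters ||= []; end
  def self.before_filter(name, options = {})
    filters << [name, Array(options[:except])]
  end

  def initialize(session); @session = session; end

  # Run each applicable filter; a filter that responds halts the chain.
  def process(action)
    @headers, @response = {}, nil
    self.class.filters.each do |name, except|
      send(name) unless except.include?(action)
      return @response if @response
    end
    send(action)
    @response
  end

  def redirect_to(path)
    @response = Response.new(302, headers.merge('Location' => path), '')
  end

  def render(text)
    @response = Response.new(200, headers, text)
  end
end

class ArticlesController < MiniController
  before_filter :login_required, :except => [:index, :show]

  def index;  render('article list');  end
  def update; render('article saved'); end
  # session.clear stands in for Rails' reset_session
  def logout; session.clear; redirect_to('/homes'); end

  private
  # Reject unauthenticated requests before the action runs; mark
  # authenticated pages no-store so the browser keeps no copy for Back.
  def login_required
    return redirect_to('/login') unless session[:user] || session[:admin]
    headers['Cache-Control'] = 'no-store'
  end
end
```

Calling `process(:update)` on a controller whose session was cleared by `process(:logout)` returns a redirect to `/login`, while `process(:index)` still renders because it is listed under `:except`.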
Tony Puthenveettil
2009-Feb-06 04:09 UTC
Re: Back button works even after logout - How to prevent?
Ar Chron wrote:
> You can add a before_filter to your controllers to ensure that the user
> is logged in.
>
> I use restful authentication (that provides the login_required method),
> and I let anyone see the index listing of a table, or a show of any
> individual record, but create, update, new, delete, etc, are all locked
> behind a logged in session.
>
>     before_filter :login_required, :except => [:index, :show]

Thank you very much... Chron. It was very helpful.
Tony Puthenveettil
2009-Feb-06 04:09 UTC
Re: Back button works even after logout - How to prevent?
Julian Leviston wrote:
> You need to
> Protect all of your controllers with a before filter that redirects to
> login unless they're logged in.
>
> Sent from my iPhone
>
> On 29/01/2009, at 4:39 PM, Tony Puthenveettil
> <rails-mailing-list-ARtvInVfO7ksV2N9l4h3zg@public.gmane.org

Thank you very much... Julian.