Saurabh Kumar

Reputation: 16651

How to handle back button using spring security

I am using Spring Security and I was wondering how to solve this back button or problem of the browsers.

The thing is that after I log in, when I click the back button, I come to the login page again. It would be very good if, even on clicking the back button, you stay in the logged-in home page only.

The same must hold if I am logged out: it should not be that when I click the back button I am again in the logged-in home page. I am not sure what to do to solve this. I know the browser caches the pages, but when I use a standard website like Facebook or Yahoo, it looks like there is already some solution for it. Any direction or info will be very helpful.

Upvotes: 4

Views: 10988

Answers (2)

dur

Reputation: 16969

Did you try the built-in cache control of Spring Security:

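import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

   @Override
   protected void configure(HttpSecurity http) throws Exception {
      http
      // ...
      .headers()
         // Switch off all default security headers; only those enabled below are written.
         .defaultsDisabled()
         // Writes Cache-Control: no-cache, no-store, max-age=0, must-revalidate,
         // plus Pragma: no-cache and Expires: 0.
         .cacheControl();
   }
}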

Upvotes: 2

Maksym Demidas

Reputation: 7817

Part of your problem comes from browser cache. You can disable it in multiple ways:

  • Configure Spring MVC interceptor for all your pages:
    <mvc:annotation-driven/>

    <mvc:interceptors>
        <mvc:interceptor>
            <mvc:mapping path="/**/*"/>
            <bean id="webContentInterceptor" class="org.springframework.web.servlet.mvc.WebContentInterceptor">
                <property name="cacheSeconds" value="0"/>
                <property name="useExpiresHeader" value="true"/>
                <property name="useCacheControlHeader" value="true"/>
                <property name="useCacheControlNoStore" value="true"/>
            </bean>
        </mvc:interceptor>
    </mvc:interceptors>
  • Call response methods:
    response.setHeader("Pragma", "no-cache");
    response.setHeader("Cache-Control", "no-cache");
    response.setDateHeader("Expires", 0);
  • Add meta tags to corresponding pages:
    <meta http-equiv="Pragma" content="no-cache">
    <meta http-equiv="Cache-Control" content="no-cache">
    <meta http-equiv="Expires" content="Sat, 01 Dec 2001 00:00:00 GMT">

Upvotes: 4
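
The two halves of the question combined in one servlet filter, as an added example that is not part of either answer: it marks every response `no-store` so a page viewed while logged in cannot be redisplayed from the browser cache after logout, and it redirects an already authenticated user who navigates back to the login page. The `/login` and `/home` paths and the class name are assumptions, and the filter is assumed to be registered after `springSecurityFilterChain` so that `getUserPrincipal()` reflects the Spring Security login state.

```java
import java.io.IOException;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.web.filter.OncePerRequestFilter;

// Added example (hypothetical class, not from the answers on this page).
public class BackButtonFilter extends OncePerRequestFilter {

    private static final String LOGIN_PATH = "/login"; // assumed login page
    private static final String HOME_PATH = "/home";   // assumed landing page

    @Override
    protected void doFilterInternal(HttpServletRequest request,
                                    HttpServletResponse response,
                                    FilterChain chain)
            throws ServletException, IOException {

        // no-store tells the browser not to keep a copy of the page at all;
        // no-cache alone only asks it to revalidate a stored copy.
        response.setHeader("Cache-Control",
                "no-cache, no-store, max-age=0, must-revalidate");
        response.setHeader("Pragma", "no-cache"); // for HTTP/1.0 caches
        response.setDateHeader("Expires", 0);

        // Path relative to the application's context root.
        String path = request.getRequestURI()
                .substring(request.getContextPath().length());

        // Behind Spring Security the principal is null for anonymous users.
        boolean loggedIn = request.getUserPrincipal() != null;

        // A logged-in user who goes back to the login form is sent home.
        // Only GET is intercepted so the login POST itself is never touched.
        if (loggedIn && "GET".equals(request.getMethod())
                && LOGIN_PATH.equals(path)) {
            response.sendRedirect(request.getContextPath() + HOME_PATH);
            return;
        }

        chain.doFilter(request, response);
    }
}
```

After logout the session is gone, so the fresh request triggered by the back button reaches Spring Security's normal access checks instead of a cached copy of the home page.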
