Ramprasad

Reputation: 8071

After application logout, clicking the back button re-enters the application page in Play Framework

I added a session using Play Framework. The session works fine, but after logout the page is redirected to the index page (login page). Then clicking the back or forward button enters the home page again. I start a new session on logout, but even then it enters the home page. How do I show the same index page on a back or forward button click?

    def login = Action { implicit request =>
        val email = request.body.asFormUrlEncoded.get("email")(0)
        val password = request.body.asFormUrlEncoded.get("password")(0)

        loginForm.bindFromRequest.fold(
            errors => BadRequest(html.index(emailForm, errors, "Please enter valid username password")),
            contact => Redirect(routes.Application.home).withSession("email" -> email, "password" -> password)
        )
    }

    def home = Action { request =>
        request.session.get("email").map { user =>
            Ok(views.html.home())
        }.getOrElse {
            Ok(views.html.index(emailForm, loginForm, ""))
        }
    }

    def logout = Action {
        Redirect(routes.Application.index).withNewSession
    }

Upvotes: 2

Views: 1018

Answers (1)

avik

Reputation: 2708

To prevent browser back/forward buttons from navigating to a logged-in screen, you need to have two mechanisms in place:

  1. Tell browsers that they should always hit your server for any of the web pages that sit behind your login screen.
  2. Decorate every action that serves back one of your secured web pages with a check to see whether the person making the request has logged in. The check should then serve back the index page if they don't have anything within their cookie that conveys their identity.

The first of these can be achieved by getting your actions to set the following header in the HTTP response:

Cache-Control: no-cache

From this tutorial:

no-cache — forces caches to submit the request to the origin server for validation before releasing a cached copy, every time. This is useful to assure that authentication is respected (in combination with public), or to maintain rigid freshness, without sacrificing all of the benefits of caching.

You may already have the second mechanism in place. If not, you'll have to write an action that performs the check.

The recommended way to then apply both of these mechanisms to all of your pages would be to use action composition.

Upvotes: 1
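
The two mechanisms from the answer combined through action composition, as an added example that is not part of the original answer or the poster's code. It assumes a Play 2.3-style controller (global `Action`, `Result.withHeaders`) and the question's routes and views; the `Secured` name is hypothetical, and the `no-store` and `must-revalidate` directives are an addition to the answer's `no-cache`.

```scala
package controllers

import play.api.mvc._

// Added example. Assumes Play 2.3-style static controllers; `index` and
// `login` stay as in the question and are not repeated here.
object Application extends Controller {

  // Hypothetical helper: wraps any action that serves a page behind the login.
  // Mechanism 2: check the session on every request.
  // Mechanism 1: mark the response so the browser must not reuse a stored copy
  //              when the user presses back or forward after logging out.
  def Secured(block: Request[AnyContent] => Result): Action[AnyContent] =
    Action { request =>
      request.session.get("email") match {
        case Some(_) =>
          // Identity present in the session cookie: render the page, but
          // forbid caching. `no-cache` is the answer's directive; `no-store`
          // and `must-revalidate` are added here (assumption: needed for
          // browsers that replay history entries without revalidating).
          block(request).withHeaders(
            CACHE_CONTROL -> "no-cache, no-store, must-revalidate"
          )
        case None =>
          // No identity in the session: send the visitor to the login page
          // instead of rendering the protected view.
          Redirect(routes.Application.index)
      }
    }

  // Every secured page goes through the wrapper instead of a bare Action.
  def home = Secured { request =>
    Ok(views.html.home())
  }

  // Logout discards the session cookie. The next request for /home, including
  // one triggered by the back button, reaches the server and hits the
  // `None` branch above.
  def logout = Action {
    Redirect(routes.Application.index).withNewSession
  }
}
```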
