Abhishek
Abhishek

Reputation: 23

How to prevent browser back button in laravel 5.2

I am developing a crm application in laravel 5.2 but I stuck in one problem. I am able to access to previous page although I have properly logged out in Laravel 5.2. How to prevent browser’s back button login after I logged out in Laravel 5.2?

I know this is not a security issue but still I want to prevent user from accessing the previous page using the back button of browser. I used the following solution mentioned in the below URL but it still doesn't work for me. https://arjunphp.com/laravel-5-logout-and-prevent-back-button/

I am developing my application from scratch as of now. I just used Laravel auth i.e (php artisan make:auth) and found this issue and got stuck.

Upvotes: 2

Views: 7131

Answers (3)

Alexis Carvajal
Alexis Carvajal

Reputation: 1

solution. Create middleware.

It should look like this.

<?php

 namespace App\Http\Middleware;
 use Closure;

 class HistoryBack
 {
 /**
 * Handle an incoming request.
 *
 * @param \Illuminate\Http\Request $request
  * @param \Closure $next
 * @return mixed
 */
 public function handle($request, Closure $next)
   {
  $response = $next($request);

  return $response->header('Cache-Control','nocache, no-store, max-age=0,     must-revalidate')
  ->header('Pragma','no-cache') //HTTP 1.0
  ->header('Expires','Sat, 01 Jan 1990 00:00:00 GMT'); // // Date in the past


     }
    }

The following is to register the middleware in the kernel and use them in the routes regards

excuse my English. I'm using translators to understand. I only speak and understand Spanish and a little English

Upvotes: 0

LearningNew
LearningNew

Reputation: 41

As everyone said, it is not an issue. But even though you want to prevent it then here is what you can do. In your logout function you, after you call logout method use something like this,

return redirect(\URL::previous());

I have done it and it solved this issue. Please try this. Hope this helps!

Upvotes: 2

Ohgodwhy
Ohgodwhy

Reputation: 50808

This is not an issue. When a user clicks "back" the browser renders the previous page as a cached version.

Here are your 3 options:

  1. Don't worry about it. If they were logged in and they saw it previously, they'd expect the same if they go back. However, if they try to navigate anywhere else that has the auth middleware, they'll be redirected to the login page anyway.

  2. When they log out, redirect them to the login page.

  3. Redirect them back to the previous URL, this will fire the auth middleware again.

Upvotes: 2

Related Questions