注销后后退按钮将用户带回到受保护的页面 -zend Framework
我创建了一个页面登录、注销来访问控制面板 场景如下:用户登录并访问 cpanel 页面,然后注销 问题:登录完成后,如果用户单击浏览器后退按钮,即使身份验证已完成并设置了会话,用户也会返回到登录页面,同时如果用户注销并单击后退按钮,它将返回到控制面板页面(如果用户刷新页面,那么一切似乎都很好,usr 将被重定向到登录,后退按钮不会将她重定向到 cpanel)。
问题是浏览器缓存,我尝试使用 php 标头和 html 元来阻止页面缓存,但没有成功。有什么办法解决这个问题吗?
我的注销操作代码如下
public function logoutAction()
{
$auth=Zend_Auth::getInstance();
//If logged in then move to index
if(!$auth->hasIdentity()){
$this->_redirect('admin/account/redirect');
}
$auth->clearIdentity();
$this->_redirect('admin/account/redirect');
}
I have created a pages login , logout to access a control panel
scenario goes like this: user logs in and accesss the cpanel page and them logs out
Problem : when login is done if user click on browser back button user goes back to login page even though authentication is done and sessions are set, at the same time if user logout , and click back button it will return back to control panel page (if user refresh the page then everything seems to be fine and usr will be redirected to login and back button won't redirect her to cpanel ) .
The problem is browser cache , I tried with both php header and html meta to prevent the page from caching but I could not succeed . Any solution to this?
My logout action code is as follow
public function logoutAction()
{
$auth=Zend_Auth::getInstance();
//If logged in then move to index
if(!$auth->hasIdentity()){
$this->_redirect('admin/account/redirect');
}
$auth->clearIdentity();
$this->_redirect('admin/account/redirect');
}
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(4)
您始终可以运行一段 javascript onLoad,使用 AJAX 请求另一个 PHP 页面,然后如果用户登录,则将其重定向回 CPanel 或登录页面,无论它们应该在哪里。
JQuery post 可以很好地处理这个问题。
http://api.jquery.com/jQuery.post/
You could always run a piece of javascript onLoad that requests another PHP page using AJAX and then if the user is logged in then redirect them back to the CPanel or Login page, wherever they are supposed to be.
JQuery post would handle this quite nicely.
http://api.jquery.com/jQuery.post/
浏览器的行为可能有所不同,那么您使用什么浏览器?
另外,为什么要在注销时检查用户是否有身份呢?无论用户是否登录,只需清除身份 - 代码越少越好...
我的注销代码如下所示:
Browsers can behave differently, so what browser are you using?
Also, why bother checking if the user has an identity when logging out? Just clear the identity regardless of whether the user is logged in or not - less code, the better...
My logout code looks like:
这就是我在注销操作中所拥有的内容
,并且由于 Zend_Auth 身份保存在会话中,因此它也会被销毁。如果我(从导航器)返回,则会发现身份缺失,并且我会被重定向到登录屏幕
This is what I have in my logout action
And since the Zend_Auth identity is saved in a session, it gets destroyed as well. If I do a back (from the navigator) the absence of identiy is catched and I am redirected to the login screen
我将使用的方法是强制登录页面发生在新的窗口实例中。当用户注销时,关闭该窗口。不会有什么可回去的。
另一种方法是使用会话并每次用户移动到新页面时执行 POST。点击此处的后退按钮将需要再次发布内容,但会话将关闭并且请求将失败。
The method I would use is force the login page to take place in a new window instance. When the user logs out, close that window. There will be nothing to go back to.
The alternative is to use sessions and do a POST every time the user moves to a new page. Hitting the back button here would require the content to be POSTed again, but the session would be closed and the request would fail.