I have devise configured in my web application. I have problem with the following workflow:
我已在我的Web应用程序中配置了配置。我有以下工作流程的问题:
For accessing admin panel I need to login. After that I navigate to admin panel of my web app normally. When I click logout it redirects me to the root page which is the behavior I want so far.
要访问管理面板,我需要登录。之后我会正常导航到我的网络应用程序的管理面板。当我单击注销时,它会将我重定向到根页面,这是我想要的行为。
The strange thing starts when in this page and after the above actions I click browser's back button which is showing me the cached last page I was. My session has been destroyed because if I click refresh it redirects me and it mentions to login to access the page, but I don't want to be able to see the last history page of the browser.
奇怪的是,在这个页面中开始,在上面的操作之后,我点击了浏览器的后退按钮,它显示了我的缓存的最后一页。我的会话已被破坏,因为如果我点击刷新它重定向我,它提到登录访问该页面,但我不希望能够看到浏览器的最后一个历史页面。
How is this possible and what can I do to prevent it? It has to do with browser caching right? The only way to fix it is to remove the caching from the logged in pages for preventing this behavior? How can I do that?
这怎么可能,我该怎么做才能防止它呢?它与浏览器缓存有关吗?解决此问题的唯一方法是从登录页面中删除缓存以防止此行为?我怎样才能做到这一点?
3 个解决方案
#1
56
You want to set the headers of your page to prevent caching. You can do that like so:
您希望设置页面的标题以防止缓存。你可以这样做:
before_filter :set_cache_buster
def set_cache_buster
response.headers["Cache-Control"] = "no-cache, no-store, max-age=0, must-revalidate"
response.headers["Pragma"] = "no-cache"
response.headers["Expires"] = "Fri, 01 Jan 1990 00:00:00 GMT"
end
Credit goes to the first response of this thread.
Credit转到此线程的第一个响应。
#2
5
You can attempt to tell the browser not to cache stuff but that's what it is - an attempt.
您可以尝试告诉浏览器不要缓存内容,但这就是它的尝试。
If they viewed the page previously there is little you can do to enforce not being able to see the page again - it is somewhat out of your control at that point.
如果他们之前查看过该页面,那么您可以执行的操作几乎无法再次查看该页面 - 此时它有点无法控制。
For instance, than can download the HTML of the page (which is what they are doing when they view the page) and you also can't stop them from taking say, a screenshot.
例如,可以下载页面的HTML(这是他们查看页面时正在做的事情)而且你也无法阻止他们说出截图。
That said browser caching will work in some (most?) cases, refer to Michael Frederick's answer.
那说浏览器缓存可以在一些(大多数?)情况下工作,参考迈克尔弗雷德里克的答案。
#3
3
this has definitely to do with caching. You have to set the appropriate HTTP headers accordingly. This probably has the answer you need: How to prevent browser page caching in Rails
这肯定与缓存有关。您必须相应地设置适当的HTTP标头。这可能有你需要的答案:如何防止Rails中的浏览器页面缓存
- Johannes
- 约翰内斯
#1
56
You want to set the headers of your page to prevent caching. You can do that like so:
您希望设置页面的标题以防止缓存。你可以这样做:
before_filter :set_cache_buster
def set_cache_buster
response.headers["Cache-Control"] = "no-cache, no-store, max-age=0, must-revalidate"
response.headers["Pragma"] = "no-cache"
response.headers["Expires"] = "Fri, 01 Jan 1990 00:00:00 GMT"
end
Credit goes to the first response of this thread.
Credit转到此线程的第一个响应。
#2
5
You can attempt to tell the browser not to cache stuff but that's what it is - an attempt.
您可以尝试告诉浏览器不要缓存内容,但这就是它的尝试。
If they viewed the page previously there is little you can do to enforce not being able to see the page again - it is somewhat out of your control at that point.
如果他们之前查看过该页面,那么您可以执行的操作几乎无法再次查看该页面 - 此时它有点无法控制。
For instance, than can download the HTML of the page (which is what they are doing when they view the page) and you also can't stop them from taking say, a screenshot.
例如,可以下载页面的HTML(这是他们查看页面时正在做的事情)而且你也无法阻止他们说出截图。
That said browser caching will work in some (most?) cases, refer to Michael Frederick's answer.
那说浏览器缓存可以在一些(大多数?)情况下工作,参考迈克尔弗雷德里克的答案。
#3
3
this has definitely to do with caching. You have to set the appropriate HTTP headers accordingly. This probably has the answer you need: How to prevent browser page caching in Rails
这肯定与缓存有关。您必须相应地设置适当的HTTP标头。这可能有你需要的答案:如何防止Rails中的浏览器页面缓存
- Johannes
- 约翰内斯