How to redirect to login page in Symfony2 after logout and prevent browser from opening cache pages?
Once I logged out from my Symfony2 app I can press the back button and I can still see password-protected pages pulled from the browser cache.
I have simply:
$session = $request->getSession();
$session->clear();
in my logoutAction.
Any idea how to prevent this?
No cache header with annotation
This is an answer I found and used for one of my own projects. However it can be tailored to match against specific routes, in which case you could create a service that informs the event listener when and when not to do this.
An easy way to implement headers to prevent caching for your restricted routes is provided by LiipCacheControlBundle.
You can get an idea of how it works by looking at this configuration example.
A list of headers that can be used to prevent caching:
Cache-Control: ( HTTP > 1.1 )
Pragma ( the HTTP 1.0 version of Cache-Control )
If you are using Symfony 2.5.*, it could be a security flaw that comes from the browser cache. The general (but not complete) solution is to send "Expire" headers that the browser may (or may not) pay attention to when you use the back-button behaviour. Here's the Symfony docs for HTTP Cache headers
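The event-listener approach mentioned in the answers, as an added example that is not part of the original posts and is not code from LiipCacheControlBundle. The class name, namespace and the `/secure` path prefix are assumptions; the listener sets the Cache-Control, Pragma and Expires headers discussed above on responses for protected paths only.

```php
<?php
// Added example. Assumptions: namespace, class name and the "/secure" prefix are hypothetical.
namespace AppBundle\EventListener;

use Symfony\Component\HttpKernel\Event\FilterResponseEvent;
use Symfony\Component\HttpKernel\HttpKernelInterface;

class NoCacheListener
{
    /** @var string[] Path prefixes whose responses must never be stored by the browser. */
    private $protectedPrefixes;

    public function __construct(array $protectedPrefixes = array('/secure'))
    {
        $this->protectedPrefixes = $protectedPrefixes;
    }

    // Register as a service tagged with:
    //   { name: kernel.event_listener, event: kernel.response, method: onKernelResponse }
    public function onKernelResponse(FilterResponseEvent $event)
    {
        // Sub-requests (ESI, forwarded fragments) are not the browser-facing response.
        if (HttpKernelInterface::MASTER_REQUEST !== $event->getRequestType()) {
            return;
        }

        $path = $event->getRequest()->getPathInfo();
        foreach ($this->protectedPrefixes as $prefix) {
            // Match the prefix itself or anything below it, but not "/secure-other".
            if ($path !== $prefix && 0 !== strpos($path, $prefix . '/')) {
                continue;
            }

            $response = $event->getResponse();
            // HTTP/1.1: forbid storing the page, so Back has to ask the server again.
            $response->headers->addCacheControlDirective('no-store', true);
            $response->headers->addCacheControlDirective('no-cache', true);
            $response->headers->addCacheControlDirective('must-revalidate', true);
            $response->headers->addCacheControlDirective('max-age', 0);
            // HTTP/1.0 clients and intermediaries.
            $response->headers->set('Pragma', 'no-cache');
            $response->setExpires(new \DateTime('@0')); // already expired (Unix epoch)
            return;
        }
    }
}
```

When the browser honours these headers, pressing Back after logout sends a fresh request, and the firewall can then send the unauthenticated user to the login page.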