[英]How to avoid re-login by submitting user credentials using a reload button?
I'm developing a java based web application, I have also added Login/Logout functionality in my application.我正在开发一个基于 Java 的 Web 应用程序,我还在我的应用程序中添加了登录/注销功能。 For Login, user needs to submit the username and password and that will be passed as a query parameter along with the url.
对于登录,用户需要提交用户名和密码,并将作为查询参数与 url 一起传递。 But the problem is, even after logout when the client tries to go back to the loginPage using the back button (left arrow) in browser and reloads the LoginPage url, the url along with query parameters (login credentials) is get submitted again.
但问题是,即使在客户端尝试使用浏览器中的后退按钮(左箭头)返回 loginPage 并重新加载 LoginPage url 时注销后,该 url 以及查询参数(登录凭据)也会再次提交。 This enables the user to login again.
这使用户能够再次登录。
How to prevent this and make the user to re-enter the login credentials?如何防止这种情况并使用户重新输入登录凭据?
Also from this, I can say that client browser stores the url along with the query parameters.同样由此,我可以说客户端浏览器将 url 与查询参数一起存储。
How to avoid the browser from saving/caching my login credentials?如何避免浏览器保存/缓存我的登录凭据?
Thanks in advance!提前致谢! :)
:)
<div class="container">
<form action="Login" method="get">
<h1>Login</h1>
<label>Enter your username </label>
<input type="text" placeholder="username" name="username"/><br /><br />
<label>Enter your password </label>
<input type="text" placeholder="password" name="password"/><br /><br />
<button type="submit" value="Login">Submit</button>
</form>
</div>
QueryString with Login Credentials : http://localhost:8080/DemoApp/Login?username=karthik&password=karthik123带有登录凭据的查询字符串:http://localhost:8080/DemoApp/Login?username=karthik&password=karthik123
Never send any credentials via URL parameters of a GET request for multiple reasons:出于多种原因,切勿通过 GET 请求的 URL 参数发送任何凭据:
Secrets are allowed to be passed via headers or body of requests.允许通过请求头或请求体传递秘密。 Please use POST request to send the credentials.
请使用 POST 请求发送凭据。 With a bit of luck this should solve your problem.
运气好的话,这应该可以解决您的问题。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.