如何通过使用重新加载按钮提交用户凭据来避免重新登录？

Question

I'm developing a java based web application, I have also added Login/Logout functionality in my application. For Login, user needs to submit the username and password and that will be passed as a query parameter along with the url. But the problem is, even after logout when the client tries to go back to the loginPage using the back button (left arrow) in browser and reloads the LoginPage url, the url along with query parameters (login credentials) is get submitted again. This enables the user to login again.

How to prevent this and make the user to re-enter the login credentials?

Also from this, I can say that client browser stores the url along with the query parameters.

How to avoid the browser from saving/caching my login credentials?

Thanks in advance! :)

<div class="container">
      <form action="Login" method="get">
        <h1>Login</h1>
        <label>Enter your username </label>
        <input type="text" placeholder="username" name="username"/><br /><br />
        <label>Enter your password </label>
        <input type="text" placeholder="password" name="password"/><br /><br />
        <button type="submit" value="Login">Submit</button>
      </form>
 </div>

QueryString with Login Credentials : http://localhost:8080/DemoApp/Login?username=karthik&password=karthik123

Answer 1

Never send any credentials via URL parameters of a GET request for multiple reasons:

1. Caching of URLs is always allowed in the browser. If you leave your browser unattended for a moment it may leak your credentials.
2. All infrastructure elements (firewalls, proxies) along the way are always allowed to log URLs for debug purposes. Credentials may leak because someone turned logging on.

Secrets are allowed to be passed via headers or body of requests. Please use POST request to send the credentials. With a bit of luck this should solve your problem.