I am developing a Symfony2 app and I have a problem.
When I log out of my app, it does it correctly, but if I press the back button of the browser, I go back to a page which is in the logged.
If I write the URL to go to this page, I can't.
Thanks in advance
This is my Security.yml
security:
    encoders:
        Simple\ProfileBundle\Entity\User:
            algorithm: sha1
            encode_as_base64: false
            iterations: 1
    role_hierarchy:
        ROLE_ADMIN: [ROLE_USER]
    providers:
        main:
            entity:
                class: Simple\ProfileBundle\Entity\User
                property: username
    firewalls:
        secured_area:
            pattern: ^/
            anonymous: ~
            form_login:
                login_path: login
                check_path: login_check
                always_use_default_target_path: true
                default_target_path: /logged/portada
            logout:
                path: /logout
                target: /portada
    access_control:
        - { path: ^/logged, roles: ROLE_ADMIN }
I just tested your scenario successfully in my own Symfony 2.3 applications and found that it is in fact a security flaw that comes from the browser cache (not a framework issue because it's out of the control of the framework).
Here is a discussion around the issue. The general (but not complete) solution is to send "Expire" headers that the browser may (or may not) pay attention to when you use the back-button behaviour. Here's the Symfony docs for HTTP Cache headers.
I have not tested it in a 2.5.* environment yet, so this may have been addressed in a later version of Symfony.
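One way to send the cache headers the answer describes, as an added example that is not code from the original thread: a `kernel.response` listener that marks every response under `/logged` (the prefix from the `access_control` rule above) as non-storable. The class name `NoCacheListener`, its `EventListener` namespace and the service id in the comment are hypothetical.

```php
<?php
// Added example (not from the original thread). Hypothetical file:
// src/Simple/ProfileBundle/EventListener/NoCacheListener.php
//
// Assumed registration in the bundle's services.yml:
//   services:
//       simple_profile.no_cache_listener:      # hypothetical service id
//           class: Simple\ProfileBundle\EventListener\NoCacheListener
//           tags:
//               - { name: kernel.event_listener, event: kernel.response, method: onKernelResponse }
namespace Simple\ProfileBundle\EventListener;

use Symfony\Component\HttpKernel\Event\FilterResponseEvent;
use Symfony\Component\HttpKernel\HttpKernelInterface;

class NoCacheListener
{
    // Same prefix as the access_control rule "^/logged" in security.yml.
    private $protectedPrefix;

    public function __construct($protectedPrefix = '/logged')
    {
        $this->protectedPrefix = $protectedPrefix;
    }

    public function onKernelResponse(FilterResponseEvent $event)
    {
        // Skip sub-requests; only the master response is sent to the browser.
        if (HttpKernelInterface::MASTER_REQUEST !== $event->getRequestType()) {
            return;
        }
        // Leave public pages (login form, /portada) cacheable as before.
        if (0 !== strpos($event->getRequest()->getPathInfo(), $this->protectedPrefix)) {
            return;
        }

        $headers = $event->getResponse()->headers;
        // no-store asks the browser not to keep a copy it could show on "back".
        $headers->addCacheControlDirective('no-store', true);
        $headers->addCacheControlDirective('no-cache', true);
        $headers->addCacheControlDirective('must-revalidate', true);
        $headers->addCacheControlDirective('private', true);
        // Legacy equivalents for HTTP/1.0 clients and older browsers.
        $headers->set('Pragma', 'no-cache');
        $headers->set('Expires', '0');
    }
}
```

After logging out and pressing back, the browser's network panel should show a new request to the `/logged` URL that the firewall redirects to the login page, rather than the old page being shown from cache.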