If you noticed, we still can access to previous page although we have properly logged out in Laravel 5. How to prevent browser’s back button login after we logged out in Laravel 5?
Is this really a security issue?
When the user clicks the back button they’re not actually logged it, its just the browser rendering what it has cached from previous page views. The user won’t be able to navigate or interact with anything that requires them to be logged in because to your application on the server they’re not authenticated. When the user clicks the back button you have no control over that as it doesn’t make a request to the server.
Using the back button the only content they’ll be able to view is that what they have already visited whilst logged in. If they try to access anything new they’ll make a new request to your application, your middleware will trigger and redirect them to the login page.
– Quoted from Stackoverflow.
So it is not really an issue. But there are few ways to fix this.
Possible ways to prevent browser’s back button
- Check auth session using AJAX
- Use meta tag for no-cache
For more detail on the above techniques, you may refer to codeproject website.
So, within Laravel 5 (current version is Laravel 5.1), we can set headers to no-cache and re-validate any pages that we want via middleware.