After logout, if I push the back button I can see the last page, which requires login

JohnDel · Jul 1, 2012 · Viewed 10.1k times

I have Devise configured in my web application. I have a problem with the following workflow:

To access the admin panel I need to log in. After that I navigate to the admin panel of my web app normally. When I click logout it redirects me to the root page, which is the behavior I want so far.

The strange thing starts when, on this page and after the above actions, I click the browser's back button, which shows me the cached last page I was on. My session has been destroyed, because if I click refresh it redirects me and tells me to log in to access the page, but I don't want to be able to see the last history page of the browser.

How is this possible and what can I do to prevent it? It has to do with browser caching, right? Is the only way to fix it to remove caching from the logged-in pages to prevent this behavior? How can I do that?

Answer

Michael Frederick · Jul 3, 2012

You want to set the headers of your page to prevent caching. You can do that like so:

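  # Runs before every action of the controller it is declared in (and its subclasses).
  # On Rails 4 and later the callback is named before_action; before_filter was removed in Rails 5.1.
  before_filter :set_cache_buster

  # Tell the browser and intermediate caches not to store the response,
  # so the browser has to request the page again instead of showing a stored copy.
  def set_cache_buster
    response.headers["Cache-Control"] = "no-cache, no-store, max-age=0, must-revalidate"
    response.headers["Pragma"] = "no-cache"
    response.headers["Expires"] = "Fri, 01 Jan 1990 00:00:00 GMT"
  end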

Credit goes to the first response of this thread.
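
The question asks about disabling caching only for logged-in pages. One way to scope the answer's headers that way is shown below as an added example; it is not code from the original post or from Devise. It assumes Devise's Warden proxy is reachable as `env["warden"]`; the class name `NoStoreWhenAuthenticated`, `FakeWarden` and `demo_headers` are hypothetical names used only here.

```ruby
# Rack middleware: add the no-store headers only when the request is authenticated.
# Assumption: Warden (used by Devise) has already placed its proxy in env["warden"].
class NoStoreWhenAuthenticated
  NO_STORE = {
    "cache-control" => "no-cache, no-store, max-age=0, must-revalidate",
    "pragma"        => "no-cache",
    "expires"       => "Fri, 01 Jan 1990 00:00:00 GMT"
  }.freeze

  def initialize(app)
    @app = app
  end

  def call(env)
    status, headers, body = @app.call(env)
    if authenticated?(env)
      # Header names are case-insensitive: drop any existing variants first,
      # so a cacheable "Cache-Control" set by the app cannot survive beside ours.
      headers = headers.reject { |name, _| NO_STORE.key?(name.to_s.downcase) }
      headers = headers.merge(NO_STORE)
    end
    [status, headers, body]
  end

  private

  # Checked after the app has run, so the logout response itself is left
  # alone while every page rendered during the session is marked no-store.
  def authenticated?(env)
    warden = env["warden"]
    !warden.nil? && warden.authenticated?
  end
end

# Constructed stand-ins so the block runs without Rails or Devise.
FakeWarden = Struct.new(:signed_in) do
  def authenticated?
    signed_in
  end
end

def demo_headers(signed_in)
  app = ->(_env) { [200, { "Cache-Control" => "max-age=3600" }, ["admin page"]] }
  env = { "PATH_INFO" => "/admin", "warden" => FakeWarden.new(signed_in) }
  NoStoreWhenAuthenticated.new(app).call(env)[1]
end
```

In a Rails application a middleware like this would be registered with `config.middleware.use NoStoreWhenAuthenticated`, which places it after the Warden middleware that Devise installs.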