After Logout, Browser Back button is showing history

edited December 2010 in Bug Reports
I am using Firefox version : 3.6.12
I have sign in and click on many links from Navigation Menu, Later on Sign out then after When I clicked to Back button from browser then it takes me again in admin panel.

No doubt I can't able to do any action. But any how it should not to go back in the pages, because we have clients which have too many credit card users. So it required very tight security.

I think it is due to cache problem or something like that.

Comments

  • edited 3:13AM
    Just to be clear, these are the steps you take to replicate the problem:

    1. Login to fuel (e.g. http://localhost/fuel/) using Firefox 3.612
    2. Browse to a page within the Navigation admin area within FUEL
    3. Logout
    4. Click the back button and you see the previous page from within the FUEL admin

    Is that the correct reproduction steps?
  • edited 3:13AM
    yes steps are correct, on 2nd steps I have clicked on many navigation links, So didn't remember that flow.

    I have noted that in body part ajax is processing but later body become blank.
    (It just becoming blank white page.)

    But any how I want to redirect it on login home page only.. Even If I click multiple time on back button.
  • edited 3:13AM
    What happens if you click the back button and then click the refresh button?
  • edited 3:13AM
    If I click on back button then it's again coming back to the last position of the page, and then If I do refresh then it's redirecting me in login page, (Below is the redirecting URL).

    http://www.fuelcms.avv/fuel/login/4c325a315a577776593246305a576476636e6b3d

    Hey I found one more thing, When I click back button then ajax request is generating 500 Internal Error, If you have firebug addon in your FF, then you can caught it easily.
  • edited 3:13AM
    I've been able to replicate the issue locally and will look into a fix... I'll keep you posted.
  • edited 3:13AM
    This seems to be a known issue with Firefox. No matter what header cache settings you set, it still will go back to the last page because of how Firefox caches it in memory. View this very long thread on the issue:
    http://forums.mozillazine.org/viewtopic.php?f=25&t=673135&st=0&sk=t&sd=a&start=60

    The only thing that seems to work is to do an ajax request on every page load to check the session.

    Also, the 500 Internal Errors are because the session no longer exists and the ajax request see that.
  • edited 3:13AM
    I were facing same problem in CodeIgniter, User can easily go back from browser button.

    To avoid this problem.. I found one solution, that when any admin controller file execute then very first step is to remove the cache...

    Below is my example code.. In construct() I have call no_cache(), So very first step it will remove the cache from memory... Even it require to put in Login page too..

    So then after if any user try to go back then it will not work. It will always redirect to login page. (Because browser could not found any cache).

    <?php

    class Myadmin extends Controller {

    public function __construct(){
    $this->no_cache();
    }

    public function login(){
    $this->load->view("login");
    }

    public function profile(){
    echo "Profile";
    }

    public function logout(){
    $this->session->unset_userdata('admin_login');
    redirect('/login');
    }

    /** Clear the old cache (usage optional) **/
    protected function no_cache(){
    header('Cache-Control: no-store, no-cache, must-revalidate');
    header('Cache-Control: post-check=0, pre-check=0',false);
    header('Pragma: no-cache');
    }
    }

    ?>
  • edited 3:13AM
    That seemed to do the trick! I was missing the "no-store" when I was testing the Cache-Control headers earlier. I've updated the repo. Thanks.
    https://github.com/daylightstudio/FUEL-CMS
  • edited 3:13AM
    Aha, So now it is fixed? Should I have to download latest package?
  • edited 3:13AM
    yes... try it out and let me know
  • edited 3:13AM
    It's Fixed, Now it's 100% safe :) Really nice & quick fixed..
    I really impress on your service.
  • edited 3:13AM
    Not a problem... you've helped me fix 2 bugs so far so thanks.
Sign In or Register to comment.