devxlogo

Session Abandon Does Not Stop Back Button

Session Abandon Does Not Stop Back Button

Question:
I have a session variable that keeps track of a user name and is set through a login page. Every page in the application first checks for the session variable and redirects to the login page if empty. I have a log out button that calls session.abandon and redirects to the home page. If the user logs out, then clicks the back button on the browser, it seems like session variables still exist. However, if the user logs out, then manually types in the address of one of the pages, it correctly redirects the user to the login page.

Answer:
Since the back button brings the page from the local browser’s cache, it does not run your session login check code again. So the user can access it. To prevent this, you can make sure the browser does not cache your pages. You can do this by providing some META tags. However, all your pages will need to be treated this way, making the browser fetch pages each and every time from your site. Check out the pros and cons before deciding.

See also  The Benefits of Patient Engagement Solutions for Healthcare Providers
devxblackblue

About Our Editorial Process

At DevX, we’re dedicated to tech entrepreneurship. Our team closely follows industry shifts, new products, AI breakthroughs, technology trends, and funding announcements. Articles undergo thorough editing to ensure accuracy and clarity, reflecting DevX’s style and supporting entrepreneurs in the tech sphere.

See our full editorial policy.

About Our Journalist