[TYPO3-english] FE logout and browser back button

bernd wilke x00nsji02 at sneakemail.com
Tue Nov 3 17:55:41 CET 2009


On Tue, 03 Nov 2009 09:49:27 +0200, Katja Lampela wrote:

> Hi,
> 
> I stumbled on this: a logged out FE visitor can press the back button of
> the browser and he gets the previous view even though the page is in the
> access restricted area and "no cache" type (or configured so).
> 
> I tried all kinds of combinations of these (0 or 1) in the root template
> setup:
> 
> config.sendCacheHeaders = 1
> config.sendCacheHeaders_onlyWhenLoginDeniedInBranch = 1
> config.no_cache = 1
> config.cache_period = 1 //the default cache expires time, this is 1 second
> 
> ..I'm pretty much shooting in the dark here as one can suspect, but
> these didn't have any desired effect.

all your server-config could not help you because most browsers show the 
page from browser-cache if you go back. there is no server request and so 
no configuration on the server can suppress the page display.

 
> Adding this in the page header, helped in some browsers, but not all:
> 
> <META HTTP-EQUIV="Pragma" CONTENT="no-cache">
> <META HTTP-EQUIV="Expires" CONTENT="-1">

this may force some browsers to recall that page from server, where it 
gets denied. But that will suppress all browser-/proxy-caching for every 
page.  This means a lot more traffic for your server and a lot more 
waiting time for your page visitors.
 
> So, what is your method in access restricted pages to prevent the
> browser's back button to show the previous page that was in the
> restricted area? Maybe force the browser close all together..?

you (as page provider) can do nothing. your page visitors can clear their 
browser cache (and proxy?) to prevent other computer-users from getting content 
from pages they visited while logged in.

how will you prevent users from accessing locally stored page information 
('save page') after log-out?


bernd
-- 
http://www.pi-phi.de/cheatsheet.html
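
An added example, not part of the original message: a Python check over HTTP response headers of the kind discussed in this thread, reporting restricted pages that a cache is allowed to keep and public pages where caching has been switched off (the traffic concern raised in the reply). The `/members/` branch and the sample responses are constructed assumptions; it reads real response headers only, because `<META HTTP-EQUIV>` tags inside the HTML are never seen by proxies.

```python
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime

def parse_cache_control(value):
    """Split a Cache-Control value into {directive: argument or None}."""
    out = {}
    for part in filter(None, (p.strip() for p in value.split(","))):
        name, _, arg = part.partition("=")
        out[name.strip().lower()] = arg.strip().strip('"') or None
    return out

def expired(value):
    """An unparsable Expires value (such as "-1") counts as already expired."""
    try:
        when = parsedate_to_datetime(value)
    except (TypeError, ValueError):
        return True
    when = when if when.tzinfo else when.replace(tzinfo=timezone.utc)
    return when <= datetime.now(timezone.utc)

def classify(headers):
    """Return 'no-store', 'revalidate' or 'storable' for one response."""
    h = {k.lower(): v for k, v in headers.items()}
    cc = parse_cache_control(h.get("cache-control", ""))
    if "no-store" in cc:
        return "no-store"
    # Pragma only counts without Cache-Control; max-age overrides Expires.
    pragma = "cache-control" not in h and "no-cache" in h.get("pragma", "").lower()
    stale = "max-age" not in cc and "expires" in h and expired(h["expires"])
    if "no-cache" in cc or cc.get("max-age") == "0" or pragma or stale:
        return "revalidate"
    return "storable"

def audit(responses, restricted_prefixes):
    """Report restricted pages a cache may keep and public pages with caching off."""
    findings = []
    for path, headers in responses:
        verdict = classify(headers)
        restricted = path.startswith(tuple(restricted_prefixes))
        if verdict != ("no-store" if restricted else "storable"):
            findings.append((path, "restricted" if restricted else "public", verdict))
    return findings

# Constructed sample responses; "/members/" is a hypothetical restricted branch.
SAMPLE = [
    ("/members/report", {"Cache-Control": "private, no-store"}),
    ("/members/list", {"Pragma": "no-cache", "Expires": "-1"}),
    ("/members/files", {"Cache-Control": "max-age=3600"}),
    ("/news", {"Cache-Control": "no-cache"}),
]
```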

