[Play 2.6 Java] Browser back button Issue after logout


#1

When user logout from application he is redirect to the login page, but if user clicks the back button of browser, it again goes to the previous visited page although the page is already logged out.

I tried two methods. The first is to set some HTTP headers like that:

return ok(page.render()).withHeader("Cache-Control", "no-cache,no-store,must-revalidate").
                withHeader("Pragma","no-cache").withHeader("Expires", "0");

It’s works fine, but only for this page. Is there a way to set these headers globally?

The other way is to use an ajax call in the main page to check session:

 $(document).ready(function () {
            CheckingSeassion();
        });
        function CheckingSeassion() {
            $.post("checkSession", {}, function (data) {
                if(data=="0") {
                     window.location = "login";
                }
            });
        }

public Result checkSession() {
        String result = "0";
        if(session().containsKey("id")) {
            result = "1";
        }
        return ok(result);
    }

This method works fine but has a limitation that when user clicks the back button of the browser, the back page shows for 1 or half second because of executing the checkSession.

Is there a better method?


(Tim Moore) #2

Setting the response headers is the best solution. To apply this across all of your responses, you could use a filter:

https://www.playframework.com/documentation/2.6.x/JavaHttpFilters#Filters