ETOOBUSY 🚀 minimal blogging for the impatient

No back button after logout

· #web #security

TL;DR

Prevent the back button after logging out.

While playing with pages in a Mojolicious application, which has some parts only visible after logging in and other freely accessible, I realized that I should have done something to block the usage of the Back button in the browser after logging out.

I’m not the first one to think about it, of course, so I found this and added this to the code:

$app->hook(
   after_dispatch => sub ($c) {
      $c->res->headers->cache_control('no-store, must-revalidate')
         if $c->is_user_authenticated;
   },
);

I’m not going to fuss over all the different browsers, but in case the link above has plenty of discussions.

Stay safe!

Comments? Octodon, , GitHub, Reddit, or drop me a line!

ETOOBUSY © 2023 by polettix ― Powered by Jekyll and the TextLog theme