0

I have two website which have Members areas. We have set up the members, member groups and member types, then created content documents, right-clicked and set the public access permissions to the top level node of the members area.

This all works fine if you use it how it's supposed to be used, eg you log in and your browse around the members area.

If I logout of the area, then click the browser's back button, I can get back to the Members area page that I saw whilst logged in, without having to log in again. Is there any way I can get around this, and make the Member's area page access expire after logout?

Thanks, Kerry

Kerry Lindsay
  • 1
  • 1
  • Are you sure you are not just seeing a cached version of the page? Use your back button and then hit refresh. – ProNotion Jul 11 '13 at 14:44

1 Answers1

0

One of the reasons this happens is because when you log click log out you are probably just clearing the session and loading your log out page as a simple GET request.

What you consider would be to have the "log out" action as a form POST (e.g. a button in a form or an anchor that triggers a form POST via javascript). This form POST could then perform a redirect. This way, if the user clicks "Back", they are actually reloading the POST request and not the page you were on when you before you clicked "Log off".

So in a nutshell, currently you are probably just performing a GET request to log the user off. If you perform a POST then a GET you can in part avoid this "Back" button issue.

Digbyswift
  • 10,310
  • 4
  • 38
  • 66