On my Symfony site, after logging out, when I click the browser's back button it redirects to the previous secured page. Is there any way to prevent this? I have searched extensively but nothing helped. Adding no-cache header tags was suggested, but it did not work. I know it is a cached copy of the file, but I don't think it is fair to show a secured page after logout, even if it is a cached copy. I have checked some major sites like Twitter, Facebook and LinkedIn; they work correctly and never show a cached copy after logout. Here are my firewall settings:
firewalls:
    main:
        pattern: ^/(?!administrator)
        form_login:
            provider: fos_userbundle
            login_path: /
            use_forward: false
            check_path: /user/login_check
            success_handler: evp.security.authentication_handler
            failure_handler: evp.security.authentication_handler
            failure_path: /user/login
            always_use_default_target_path: true
            default_target_path: /user/login_redirect
            remember_me: true
        fos_facebook:
            app_url: "http://apps.facebook.com/test"
            server_url: "http://xxxxxxxxxxxxxxx"
            login_path: /user/login
            check_path: /facebook/login_check
            provider: fos_facebook_provider
            default_target_path: /user/facebook_login
        fos_twitter:
            login_path: /user/login
            check_path: /twitter/login_check
            default_target_path: /user/twitter_login
            provider: my_fos_twitter_provider
        remember_me:
            key: "%secret%"
            lifetime: 31536000
            path: ~
            domain: ~
            remember_me_parameter: _remember_me
            user_provider: fos_userbundle
        oauth:
            resource_owners:
                twitter: "/login/check-twitter"
            login_path: /login
            failure_path: /login
            oauth_user_provider:
                service: ib_user.oauth_user_provider
        logout:
            path: /user/logout
            target: /
        anonymous: true
    secured_area:
        pattern: ^/administrator
        provider: main
        form_login:
            login_path: /administrator
            check_path: /administrator/login_check
            always_use_default_target_path: true
            default_target_path: /administrator/dashboard
        anonymous: ~
        logout:
            path: /administrator/logout
            target: /administrator
Answer 0 (score: 0)
I don't know your security.yml, your Symfony2 version or many other details, but if you have an app\config\security.yml like mine (on Symfony 2.5.2):
firewalls:
    dev:
        pattern: ^/(_(profiler|wdt)|css|images|js)/
        security: false
    your_firewall_name:
        provider: your_provider # for users stored on DB
        context: context_name
        host: your_host_name
        pattern: ^/ # to protect the whole domain/subdomain
        anonymous: ~
        form_login:
            # Login paths:
            login_path: your_login_route
            check_path: your_login_check_route
            # Login success options
            use_referer: false
            always_use_default_target_path: true
            default_target_path: your_default_target_path
            # Login failed options
            failure_path: your_login_route
            remember_me: false # to disable remember me
        logout:
            # Logout paths
            path: your_logout_route
            target: your_target_route_after_logout
            # Logout options
            invalidate_session: true # the authenticated session will be unavailable afterwards
access_control:
    - { host: your_host_name, path: ^/login, roles: IS_AUTHENTICATED_ANONYMOUSLY, methods: [GET] }
    - { host: your_host_name, path: ^/login_check, roles: IS_AUTHENTICATED_ANONYMOUSLY, methods: [POST] }
    - { host: your_host_name, path: ^/logout, roles: ROLE_USER, methods: [GET] }
    - { host: your_host_name, path: ^/, roles: ROLE_USER }
When you click the back button you will be redirected to your_login_route, but you have no chance to remove the other previous pages cached on the browser side (if you hit the back button several times); this also happens on big sites like eBay.
What matters is that the pages don't work, because you are no longer authenticated.
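The browser-side cache the answer mentions can still be controlled from the server: the directive that stops history navigation from replaying a page is Cache-Control: no-store, which the question's "no-cache" attempt did not include. Below is an added example (not code from the question, the answer or the FOSUserBundle project) of a kernel.response listener that applies it to every response served to a session-bearing request; it assumes Symfony 2.x (FilterResponseEvent), and the namespace, class and service ids are hypothetical.

```php
<?php
// Added example: mark every response tied to a session as non-storable so the
// browser's back/forward cache cannot replay a secured page after logout.
// Assumes Symfony 2.x; the Acme namespace and service id are hypothetical.
namespace Acme\SecurityBundle\EventListener;

use Symfony\Component\HttpKernel\Event\FilterResponseEvent;

class NoStoreResponseListener
{
    public function onKernelResponse(FilterResponseEvent $event)
    {
        if (!$event->isMasterRequest()) {
            return; // sub-requests (fragments) inherit the master response's headers
        }

        $request  = $event->getRequest();
        $response = $event->getResponse();

        // Leave responses explicitly marked public (assets, landing pages) cacheable.
        if ($response->headers->hasCacheControlDirective('public')) {
            return;
        }

        // Only requests that carry a session can produce authenticated content.
        if (!$request->hasPreviousSession()) {
            return;
        }

        // "no-store" keeps the back button from serving a cached copy; "no-cache"
        // alone only asks for revalidation, which browsers skip for history
        // navigation. Pragma/Expires cover HTTP/1.0 intermediaries.
        $response->setPrivate();
        $response->headers->addCacheControlDirective('no-store');
        $response->headers->addCacheControlDirective('no-cache');
        $response->headers->addCacheControlDirective('must-revalidate');
        $response->headers->set('Pragma', 'no-cache');
        $response->headers->set('Expires', '0');
    }
}

// Registration in app/config/services.yml (service id is hypothetical):
//
// services:
//     acme_security.no_store_listener:
//         class: Acme\SecurityBundle\EventListener\NoStoreResponseListener
//         tags:
//             - { name: kernel.event_listener, event: kernel.response, method: onKernelResponse }
```

To verify, log in, fetch a secured page with the session cookie and confirm the response carries "Cache-Control: private, no-cache, no-store, must-revalidate"; after logout the back button then triggers a fresh request that the firewall redirects to the login route.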