I am using CFML for my application. I need help with developing a logout that destroys the session. Currently the logout link calls the login page, but when the browser's Back button is clicked the user is still logged in.
<!---LoginForm.cfm--->
<!---Handle the logout--->
<cfif structKeyExists(URL,'logout')>
<cfset createObject("component",'authenticationService').doLogout() />
</cfif>
<!---Form processing begins here--->
<cfif structkeyExists(form,'submitLogin')>
<!---Create an instance of the authenticate service component--->
<cfset authenticationService=createObject("component",'authenticationService') />
<!---Server side data validation--->
<cfset aErrorMessages=authenticationService.validateUser(form.userEmail,form.userPassword)>
<cfif ArrayisEmpty(aErrorMessages)>
<!---Proceed to the login procedure --->
<cfset isUserLoggedIn=authenticationService.doLogin(form.userEmail,form.userPassword) >
</cfif>
</cfif>
<!---Form processing ends here--->
<cfform>
<fieldset>
<legend>Login</legend>
<cfif structKeyExists(variables,'aErrorMessages') AND NOT ArrayIsEmpty(aErrorMessages)>
<cfoutput>
<cfloop array="#aErrorMessages#" index="message" >
<p >#message#</p>
</cfloop>
</cfoutput>
</cfif>
<cfif structKeyExists(variables,'isUserLoggedIn') AND isUserLoggedIn EQ false>
<p class="errorMessage">User not found. Please try again!</p>
</cfif>
<cfif structKeyExists(session,'stLoggedInUser')>
<!---display a welcome message--->
<p><cfoutput>Welcome #session.stLoggedInUser.userFirstName# </cfoutput></p>
<p><a href='#'>My profile</a><a href="LoginForm.cfm?logout">Logout</a></p>
<cfelse>
<dl>
<dt>
<label for="userEmail">Email address</label>
</dt>
<dd>
<cfinput type="email" name="userEmail" required="true" >
</dd>
<dt>
<label for="userPassword">Password</label>
</dt>
<dd>
<cfinput type="password" name="userPassword" required="true" >
</dd>
</dl>
<cfinput type="submit" name="submitLogin" value="Login" />
</cfif>
</fieldset>
</cfform>
<!--- debug only: dumps the whole session scope to the page; remove before deploying --->
<!--- <cfdump var="#session#"> --->
<!---authenticationService.cfc--->
<cfcomponent>
<cffunction name="validateUser" access="public" output="false" returntype="array">
<cfargument name="userEmail" type="string" required="true" />
<cfargument name="userPassword" type="string" required="true" />
<cfset var aErrorMessages=ArrayNew(1) />
<!---Validate the email--->
<cfif NOT isValid('email',arguments.userEmail)>
<cfset arrayAppend(aErrorMessages,'Please,provide a valid email address') />
</cfif>
<!---Validating the Password--->
<cfif arguments.userPassword EQ ''>
<cfset arrayAppend(aErrorMessages,'Please, provide a password') />
</cfif>
<cfreturn aErrorMessages />
</cffunction>
<!---doLogin() Method--->
<cffunction name="doLogin" access="public" output="false" returntype="boolean">
<cfargument name="userEmail" type="string" required="true" />
<cfargument name="userPassword" type="string" required="true" />
<!---create the isUserLoggedIn variable--->
<cfset var isUserLoggedIn=false />
<!---get the user data from the database, using the function's arguments bound as query parameters rather than interpolated into the SQL--->
<cfquery datasource="myapp" name="getInfo">
select * from Info
where emailid = <cfqueryparam value="#arguments.userEmail#" cfsqltype="cf_sql_varchar" />
and password = <cfqueryparam value="#arguments.userPassword#" cfsqltype="cf_sql_varchar" />
</cfquery>
<!---Check if the query returns one and only one user--->
<cfif getInfo.recordcount eq 1 >
<!--- log the user in --->
<cflogin>
<cfloginuser name="#getInfo.username#" password="#getInfo.password#" roles="#getInfo.role#">
</cflogin>
<!--- save user data in session scope --->
<cfset session.stLoggedInUser={'userFirstName'=getInfo.username} />
<!---change the isUserLoggedIn variable to true (already declared with var above, so no second var)--->
<cfset isUserLoggedIn=true />
</cfif>
<!---return the isUserLoggedIn variable --->
<cfreturn isUserLoggedIn />
</cffunction>
<!---doLogout() Method--->
<cffunction name="doLogout" access="public" output="false" returntype="void">
<!---delete user from session scope--->
<cfset structDelete(session,'stLoggedInUser') />
<!---log the user out--->
<cflogout />
</cffunction>
</cfcomponent>
Answer 0 (score: 0)
Regarding the Back button after logging out: the scenario is that someone can log out and walk away from the computer without closing the browser or locking it. Anyone else can then come back to the browser, press Back, and see the data that person had been looking at before logging out.
We solved the problem for a financial application by sending a Pragma: no-cache header on every page request. This forces requests for the page to be reloaded from the server rather than just loading what is in the browser cache. That means the Back button will request the previous URL from the server, which checks the session and takes you to the login page you were sent to on logout.
It will throw off some users who are used to navigating your site a certain way, but it will make it more secure.
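As an added example (not code from the question or the answer above): an Application.cfc that sends the no-cache headers on every request, as the answer describes, and sends a re-requested protected page back to LoginForm.cfm when no session user exists, together with a doLogout() that also invalidates the session itself so the old session id cannot be reused. The protected page list, the application name and the use of sessionInvalidate() (ColdFusion 10+ / Lucee) are assumptions.

```cfml
<!--- Application.cfc (added example, not the original poster's code) --->
<cfcomponent output="false">
    <cfset this.name = "myapp" />
    <cfset this.sessionManagement = true />
    <cfset this.sessionTimeout = createTimeSpan(0, 0, 30, 0) />

    <!--- Pages that must not be served without a logged-in user (assumed list,
          paths as ColdFusion passes them in targetPage) --->
    <cfset this.protectedPages = ["/profile.cfm", "/dashboard.cfm"] />

    <cffunction name="onRequestStart" access="public" returntype="boolean" output="false">
        <cfargument name="targetPage" type="string" required="true" />

        <!--- The answer's fix: tell the browser not to cache any page, so Back re-requests it.
              Cache-Control: no-store is the HTTP/1.1 directive; Pragma only covers HTTP/1.0 caches. --->
        <cfheader name="Cache-Control" value="no-store, no-cache, must-revalidate" />
        <cfheader name="Pragma" value="no-cache" />
        <cfheader name="Expires" value="0" />

        <!--- A protected page requested with no session user goes to the login form --->
        <cfif arrayContainsNoCase(this.protectedPages, arguments.targetPage)
              AND NOT structKeyExists(session, "stLoggedInUser")>
            <cflocation url="LoginForm.cfm" addtoken="false" />
        </cfif>
        <cfreturn true />
    </cffunction>
</cfcomponent>

<!--- doLogout() in authenticationService.cfc, hardened to discard the session itself --->
<cffunction name="doLogout" access="public" output="false" returntype="void">
    <cfset structDelete(session, "stLoggedInUser") />
    <cflogout />
    <!--- sessionInvalidate() (assumed available: ColdFusion 10+ / Lucee) drops the whole
          session so the old session id is no longer valid; the next request gets a fresh one --->
    <cfset sessionInvalidate() />
</cffunction>
```

After doLogout() returns, redirect to LoginForm.cfm with cflocation rather than rendering the form inline, so the response that cleared the session is not itself a page left in the browser history.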