
FuelPHP Forums

Headers for controlling browsers cache after Auth::logout()
  • Hi,

    Can someone show me how to code the Response object to specify Cache-Control, Expires and Pragma headers? After I Auth::logout a user, the browser back button shows the previous session screens from the browser cache.

    How are you guys handling this problem?

    Thanks for your help.
  • Harro
    Accepted Answer
    I never do that. The fact that a back button shows pages from cache is by design. Disabling cache on all pages to prevent users using the back button has an adverse effect on performance, and will cause a reload on using the back-button, which might have very nasty side effects you have to take into account in your application.

    I don't have a problem with users using that button. Since the session is no longer there, as soon as the user tries to do something the lack of authorisation makes sure nothing can happen.

    Having said that, to be able to set custom headers on the Response, you need access to the Response object. Which you have in your index.php, but if you do it there, you'll do it for all responses.

    In controllers, the response is crafted automatically (in most cases) in the after() method of the base controller you extend. Which means you will have to create your own after() method, which calls the parent to construct the response, and add headers to it before returning it. You can do this in your individual controllers, or use your own base controller in which you do this.
  • I added after() method to my base controller. I did this:

    public function after($response)
    {
        // Let the parent build the Response object first, then add the headers to it.
        $response = parent::after($response);
        $response->set_header('Cache-Control', 'no-store, no-cache, must-revalidate, max-age=0');
        $response->set_header('Expires', 'Sat, 26 Jul 1997 05:00:00 GMT');
        $response->set_header('Pragma', 'no-cache');

        return $response;
    }

    It worked. 

    Thanks!!!
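
A variant of the approach in this thread that addresses the performance concern raised in the accepted answer: only responses served to a logged-in user get the no-store headers, so public pages stay cacheable. This is an added example, not code posted by anyone in the thread; `Controller_Secure` and its properties are hypothetical names, and it assumes FuelPHP 1.x with the Auth package loaded.

```php
<?php
// Added example (not from the thread). Controller_Secure is a hypothetical name.
// Assumes FuelPHP 1.x with the Auth package loaded.

class Controller_Secure extends \Controller
{
    // Headers that tell the browser not to keep a copy of the page.
    protected static $no_store_headers = array(
        'Cache-Control' => 'no-store, no-cache, must-revalidate, max-age=0',
        'Pragma'        => 'no-cache',
        'Expires'       => 'Sat, 26 Jul 1997 05:00:00 GMT',
    );

    // Login state captured before the action runs, so the response of a
    // logout action is still treated as authenticated content.
    protected $was_authenticated = false;

    public function before()
    {
        parent::before();
        $this->was_authenticated = \Auth::check();
    }

    public function after($response)
    {
        // The parent turns whatever the action returned into a Response object.
        $response = parent::after($response);

        // Also covers a login action: not authenticated before, authenticated now.
        if ($this->was_authenticated or \Auth::check())
        {
            foreach (static::$no_store_headers as $name => $value)
            {
                $response->set_header($name, $value);
            }
        }

        return $response;
    }
}
```

Controllers for pages behind the login extend this class instead of `\Controller`; pages viewed while logged in are then not kept by the browser, so the back button after logout triggers a fresh request that the missing session rejects.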
