
Django 2.1.7

This is for a simple blog with homepage (post list view), post detail view, and profile (post list view).

When a user logs out, LOGOUT_REDIRECT_URL = '/' redirects the user to the homepage.

However, when the user clicks the browser's back button, the previous page still shows all the logged out user's data. When I reload the page, it clears the cache.

when the user's logged in, shows username

when the user's logged out, shows 'login'


I found a similar question and their answer was to use the cache_control decorator: "Django - User re-entering session by clicking browser back button after logging out".

@cache_control(no_cache=True, must_revalidate=True, no_store=True)
@login_required
  • Would I have to add these decorators to every single view?
  • I do not want the @login_required decorator. AnonymousUsers should be able to view all pages without logging in.

What's the best way to do this? Similar to Twitter's logout flow. (user logs out -> login page -> back button -> previous page but reloaded)

urls.py

from django.contrib.auth import views as auth_views
from django.urls import path

urlpatterns = [
    path('logout/', auth_views.LogoutView.as_view(template_name='users/logout.html'), name='logout'),
]
ckp7blessed
  • Likely Django does not send the previous page: this is just the browser that stored the old one and rerenders it. So it does not load "actual" data, it simply displays the "old page". – Willem Van Onsem May 03 '22 at 09:43
  • Yes, understood. Trying to figure out a workaround for this. I do not want the data from the 'old page' to show if the user clicks the browser's back button. Also seems to be a security risk. I'm kind of surprised it's hard to find an answer on SO for this.. – ckp7blessed May 03 '22 at 09:54

0 Answers
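One way to cover every view without @login_required, as an added example that is not part of the question or the linked answer: a middleware that sets the same Cache-Control directives as the decorator, but only on responses rendered for an authenticated user, so pages served to AnonymousUsers stay cacheable. The class name and the module path in the comment are assumptions.

```python
# Added example. Save as e.g. blog/middleware.py (hypothetical path) and list
# "blog.middleware.NoStoreForAuthenticatedMiddleware" in MIDDLEWARE after
# django.contrib.auth.middleware.AuthenticationMiddleware, so request.user exists.

# Same directives the cache_control(...) decorator in the question would emit.
NO_STORE = "no-cache, no-store, must-revalidate"


def _is_authenticated(request):
    # request.user is missing if this runs before AuthenticationMiddleware.
    user = getattr(request, "user", None)
    return bool(user is not None and user.is_authenticated)


class NoStoreForAuthenticatedMiddleware:
    """Mark every response rendered for a logged-in user as non-storable."""

    def __init__(self, get_response):
        self.get_response = get_response

    def __call__(self, request):
        # Check before the view runs: logout() replaces request.user with
        # AnonymousUser, so a check made only afterwards would skip the
        # logout response itself.
        before = _is_authenticated(request)
        response = self.get_response(request)
        # Check again afterwards: login() sets request.user during the view,
        # so the response to a successful login POST is covered as well.
        after = _is_authenticated(request)
        if before or after:
            response["Cache-Control"] = NO_STORE
            response["Pragma"] = "no-cache"  # for HTTP/1.0 caches
        return response
```

Responses to anonymous requests pass through untouched, so this does not force a login on any page.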