I am using python with django i want redirect users to login page when he clicks back button after logout. How to achieve this? where to write the code?
To test whether django admin handles this..i logged into django admin..logged out and then hit back button and i am able to see the previous page. Why django admin does not handle this.
This is the ccode for logout in django admin:
def logout(request):
"""
Removes the authenticated user's ID from the request and flushes their
session data.
"""
request.session.flush()
if hasattr(request, 'user'):
from django.contrib.auth.models import AnonymousUs开发者_如何转开发er
request.user = AnonymousUser()
Finally found the solution:
from django.views.decorators.cache import cache_control
@cache_control(no_cache=True, must_revalidate=True)
def func()
#some code
return
This will force the browser to make request to server.
You may find you need to use @cache_control(no_cache=True, must_revalidate=True, no_store=True) in chrome to fully stop any back button viewing.
The key thing being no_store for chrome as I found here 1
+1 for Digital Cake's answer! This solved the problem of backing up into cached pages after logout on FireFox as well. I tried:
@cache_control(no_cache=True, must_revalidate=True)
on my views with no luck. Per Digital Cake, tried:
@cache_control(no_cache=True, must_revalidate=True, no_store=True)
and now Firefox backs up to the login screen.
I know it's an old question, but the accepted answer did not work for me. i faced the same problem (using django 1.8 & Chrome)
Finally, I found the solution from the docs (django 1.7 or later). This will work for sure.
Just see the code below
from django.contrib.auth.decorators import login_required
@login_required(login_url='/login/')
def myview(request):
return HttpResponse(render(request,'path_to_your_view.html'))
@login_required
decorator is used to handle the issue. You can check more in doc
The reason that you can the admin page, after you logged out and hit back is, that you don't see the real page. Rather you see a copy of it that is in your browser cache.
Try this:
- go to any admin page
- click "Logout"
- hit the "Back" button in your browser
- press F5 or click "Refresh" in your browser.
Now you will be redirected to the login page of the admin backend.
This is a cache problem.
You can use cache_control decorator to force no cache on views:
from django.views.decorators.cache import cache_control
@cache_control(no_cache=True, must_revalidate=True, no_store=True)
def func()
# some code
return
This will force the browser to make a request to the server.
More about cache_control
It depends, what kind of authentication system you are using. If u are using some kind of own impl, you could write own Middleware
class that redirects unathenticated users to login page.
If you are using some lib, check its docs how it handles request to secured pages from unauthenticated users.
精彩评论