I’m new to userfrosting and I’m trying the demo out. I notice after a logout if I go use the back button on the navigator (chrome) it shows the previous page. If I do anything else it brings me back to the login page. It seems to me that this is unwanted behavior.
I believe this is typical behavior for web applications and browser history. In fact, in the HTTP Caching specifications:
History mechanisms and caches are different. In particular history mechanisms SHOULD NOT try to show a semantically transparent view of the current state of a resource. Rather, a history mechanism is meant to show exactly what the user saw at the time when the resource was retrieved.
So in other words, you should be able to press “back” and see the contents of that page as they were rendered while you were logged in, by default.
If this is a security concern, you can direct your users to close their browser after logging out, or use some client-side trick to clear those history frames (would be interesting to see what banks do).
The redirect-to-login feature is the default behavior of UF, but can be overridden by mapping a custom handler to the AuthExpiredException.
Thank you for your response.
I’ll investigate ways round this behavior and report back later.