4

I am using spring security and i was wondering how to solve this back button or problem of the browsers.

The thing is that after i login , when i click the back button . I am coming to the login page again. It would be very good if even on clicking the back button you stay in the logged in home page only.

Same must be if i am logged out it should not be like when i click the back button i am again in the logged in home page. I am not sure what to do to solve this. I know browser caches the pages but When i use standard website like facebook or yahoo , looks like there is already some solution for it. Any direction or info will be very helpful.?

4

2 回答 2

5

你的部分问题来自浏览器缓存。您可以通过多种方式禁用它:

  • 为所有页面配置 Spring MVC 拦截器:
    <mvc:annotation-driven/>

    <mvc:interceptors>
        <mvc:interceptor>
            <mvc:mapping path="/**/*"/>
            <bean id="webContentInterceptor" class="org.springframework.web.servlet.mvc.WebContentInterceptor">
                <property name="cacheSeconds" value="0"/>
                <property name="useExpiresHeader" value="true"/>
                <property name="useCacheControlHeader" value="true"/>
                <property name="useCacheControlNoStore" value="true"/>
            </bean>
        </mvc:interceptor>
    </mvc:interceptors>
  • 呼叫响应方法:
    response.setHeader("Pragma", "no-cache");
    response.setHeader("Cache-Control", "no-cache");
    response.setDateHeader("Expires", 0);
  • 将元标记添加到相应的页面:
    <meta http-equiv="Pragma" content="no-cache">
    <meta http-equiv="Cache-Control" content="no-cache">
    <meta http-equiv="Expires" content="Sat, 01 Dec 2001 00:00:00 GMT">
于 2013-08-09T13:19:30.730 回答
2

有没有试过 Spring Security 内置的缓存控制

@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

   @Override
   protected void configure(HttpSecurity http) throws Exception {
      http
      // ...
      .headers()
         .defaultsDisabled()
         .cacheControl();
   }
}
于 2015-11-04T19:11:43.520 回答