User clicks on back button while session is still authenticated and gets redirected to login page in node.js
One of the "features" of (most) modern browsers is that clicking the back button navigates you back to the state at which that page was loaded. Unless you dynamically update the login page before navigating away to the logged in state, this is the experience you'll get.
What I'd suggest instead is once authenticated on the login page, instead of immediately redirecting the user to the logged in state, update the logged in page to indicate that the user is now logged in (e.g. if you have an avatar/profile icon in the top right, change the appearance of it with .js to indicate the user is logged in).
Once the state of the login view has been changed, then navigate to the appropriate content view (using a meta redirect might be the most appropriate, but you can do it how you like).
You can assume that because the user clicked the back button, they probably meant to. This solution ensures that the user's expectation of back-button behavior is respected, as opposed to forcing a redirect by detecting a cookie with js and re-navigating -- which leads to forward/back redirect loops (which are oh-so frustrating!)
While StackOverflow doesn't actually do what you're trying to do, here's an example of what you could do with .js to dynamically update /login
before you navigate away:
Prevent Browser's Back Button Login After Logout in Laravel 5
When the user clicks the back button they're not actually logged in, its just the browser rendering what it has cached from previous page views. The user won't be able to navigate or interact with anything that requires them to be logged in because, to your application on the server, they're not authenticated.
When the user clicks the back button you have no control over that as it doesn't make a request to the server.
Using the back button, the only content they'll be able to view is that what they have already visited whilst logged in. If they try to access anything new, they'll make a new request to your application, your middleware will trigger and redirect them to the login page.
I guess if you really wanted to stop this behavior you could use some JavaScript and such to send an ajax request and check if the user is logged in that way, but quite useless from a security point of view.
Make browser back button show login page without error div
The thing is that when you press back the browser doesn't always reload the page, that's the reason of the logging still showing the error, so what you need is to force the page to reload. Here you have a link to the solution that im giving you, hope it works How to force reloading a page when using browser back button?
Edit:
Answering to your comment, yes, it should be placed in the js file, something like this should do the trick
var perfEntries = performance.getEntriesByType("navigation");
(function(){
if (perfEntries[0].type === "back_forward") {
location.reload(true);
}
}());
This is a function that doesn't require to be called, the function calls itself when the JS file is loaded
How to prevent browser from going back to login form page once user is logged in?
On the login screen, in PHP, before rendering the view, you need to check if the user is already logged in, and redirect to the default page the user should see after logged in.
Similarly, on the screens requiring login, you need to check if the user is not logged in and if not, redirect them to the login screen.
// on login screen, redirect to dashboard if already logged in
if(isset($_SESSION['username'])){
header('location:dashboard.php');
}
// on all screens requiring login, redirect if NOT logged in
if(!isset($_SESSION['username'])){
header('location:login.php');
}
Redirect logged in user to home page when back button is pressed after login
This question is already solved here: Clear cache on back press to prevent going back on login page or previous page after logout by Hashem Qolami Same question but in different perspective.
Related Topics
What Is the Purpose of a Question Mark After a Type (For Example: Int Myvariable)
How Does Httpcontext.Current.User.Identity.Name Know Which Usernames Exist
How to Get Number of Rows Using Sqldatareader in C#
How to Create a Dynamic Email Template That Can Be Modified Without Changing Code in C# .Net MVC
How to Check Byte Array Empty or Not
How to Generate a System (Pc/Laptop) Hardware Unique Id in C#
Restsharp Serializing Json Objects to Post Parameters
Asp.Net Core Form Post Results in a Http 415 Unsupported Media Type Response
Getting the Latest File Modified from Azure Blob
How to Perform Join Between Multiple Tables in Linq Lambda
How to Correctly Write Parallel.For With Async Methods
How to Remove Windows Credentials
How to Convert Json Date to .Net Datetime During Deserialization
Reload Page After Jquery.Get to MVC Controller Action
Linq to Find All Childs Related to Parents Id