eMember – Browsers' back arrow allows user back into restricted page on logout
May 14, 2015 at 5:44 am #12640 qcsgroup (Member)
Hi, I’m using a theme called Asteria PRO and have successfully created a restricted page accessible only when a member is logged in.
Everything works fine including redirect on login and redirect on logout.
However, if I press the back arrow on my internet browser after I’ve logged out, I’m able to get back into the restricted area without logging back in.
I just want to prevent a random from sneaking onto the computer and pressing back arrow to get back into the restricted page.
Here’s the page I’m working on:
[http://www.airlineacademy.com.au/student-login/]
Conversely, I haven’t got this issue when working with the default WordPress theme called 2015.
Can someone please help?
May 14, 2015 at 11:17 pm #70038 admin (Keymaster)
The browser's back arrow usually just shows a cached page (for that user's previous action) so this is perfectly okay. It is how the browsers work… nothing you can do about it. The user is not really getting back into the restricted area. When they click on something, the browser will load everything again.
May 14, 2015 at 11:40 pm #70039 qcsgroup (Member)
Thank you for your quick reply. I understand what you mean. However, I was hoping to achieve the same thing you have on your demo page for WP eMember.
Here’s the link:
Basically what’s happening is, once logged in, and you click “Logout”, if you hit the back arrow on the browser, the plugin forces the user to log back in and doesn’t show a cached page.
Could you please advise how I might go about in achieving this?
May 15, 2015 at 12:30 am #70040 admin (Keymaster)
You can’t do anything about it. The browser's back button’s behavior is not something you or I can change. Different browsers will have slightly different behavior with the back button also. I am not sure why you are worried about the back button. Can you explain to me the reasoning for trying to do something with the back button?
May 15, 2015 at 1:05 am #70041 qcsgroup (Member)
This is what I’m trying to achieve:
User1 logs into his restricted page, uploads sensitive files, then logs out without closing his browser.
User2 hops on the same computer and clicks the back arrow on the browser and should then be presented with a login screen and the warning “Please Login to view this content. (Not a member? Join Today!)”.
This is what’s actually happening:
User1 logs into his restricted page, uploads sensitive files then logs out without closing his browser.
User2 hops on the same computer and clicks the back button on the browser and instead of being presented with a login prompt and warning, User2 can now see User1’s sensitive files. This is an obvious security issue.
In your demo page, if User1 were to log in, and logs out afterwards, then User2 jumps on and clicks the back arrow on the browser, he is presented with the login screen and warning “Please Login to view this content. (Not a member? Join Today!)”.
I’ve tried this on Chrome and IE11 and the behavior is the same. Yet on the demo, it works perfectly.
So there must be a check that your demo is doing that the page I’m working on isn’t doing.
May 15, 2015 at 1:10 am #70042 wzp (Moderator)
Conversely, I haven’t got this issue when working with the default WordPress theme called 2015.
In your demo page, if User1 were to log in, and logs out afterwards, then User2 jumps on and clicks the back arrow on the browser, he is presented with the login screen and warning “Please Login to view this content. (Not a member? Join Today!)”.
…
So there must be a check that your demo is doing that the page I’m working on isn’t doing.
…Or it may be your premium theme.
May 15, 2015 at 1:14 am #70043 admin (Keymaster)
Do you have the after logout redirection enabled? If not, enable that and see what it does after that.
May 15, 2015 at 1:56 am #70044 qcsgroup (Member)
Thanks for your input wzp. However, I’m not in a position to tell the client to change their theme because a single plugin isn’t working as expected.
Hi admin, yes, I tried logout redirection. I redirected it to the login page on log out as I thought this would force WP eMember to check that the user has logged out. Unfortunately, this didn’t fix the issue.
Is there a way to force the plugin to double check if the user is still logged in on page load/reload?
May 15, 2015 at 12:44 pm #70045 wzp (Moderator)
@qcsgroup: Is there a way to force the plugin to double check if the user is still logged in on page load/reload?
@admin: You can’t do anything about it. The browser's back button’s behavior is not something you or I can change. Different browsers will have slightly different behavior with the back button also.
@admin: The browser's back arrow usually just shows a cached page (for that user's previous action) so this is perfectly okay. It is how the browsers work… nothing you can do about it. The user is not really getting back into the restricted area.
The cached page @admin refers to is contained in the user’s browser. Nobody has any control over the user’s browser cache.
In matters where security is concerned, it is a standard/acceptable business practice to supplement technology with good old-fashioned operating procedures; like requiring employees to close the browser, after logging out.
…Unless you want to do some “javascript magic” and disable the browser’s back button. But that will not prevent someone determined to “go back” to the previous page.
May 15, 2015 at 11:01 pm #70046 admin (Keymaster)
You are under the impression that you can force this plugin or any other plugin to do a check when the back button is clicked. What I am telling you is that it is impossible to do that. No plugin can do an extra check when the browser's back button is clicked (because the browser doesn’t work the way you may think it does).
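Whether the back button re-shows a members-only page after logout depends partly on the caching headers that page was served with. The following is an added example (not from this thread, and not WP eMember's own code) that marks chosen pages as `no-store` from a small plugin or the theme's functions.php; the function names and the slug list are assumptions, with `student-login` taken from the URL posted above.

```php
<?php
/**
 * Added example: serve restricted pages with headers that tell the browser
 * not to keep a copy, so a later "Back" has to ask the server again.
 */

// Hypothetical helper: slugs of the pages that must not be stored.
// 'student-login' comes from the URL in the thread; adjust for your site.
function example_restricted_page_slugs() {
    return array( 'student-login' );
}

function example_send_no_store_headers() {
    // template_redirect fires after the main query is parsed and before any
    // template output, so is_page() works and headers can still be sent.
    if ( headers_sent() ) {
        return;
    }
    if ( ! is_page( example_restricted_page_slugs() ) ) {
        return; // Leave normal caching in place for public pages.
    }

    // WordPress core helper: sends Expires/Cache-Control headers that tell
    // caches not to reuse the response.
    nocache_headers();

    // Be explicit about no-store, which is the directive that asks the
    // browser not to write the response to disk or keep it for reuse.
    // header() replaces any Cache-Control value set earlier in the request.
    header( 'Cache-Control: no-store, no-cache, must-revalidate, max-age=0, private' );
    header( 'Pragma: no-cache' ); // For old HTTP/1.0 intermediaries.
}
add_action( 'template_redirect', 'example_send_no_store_headers' );
```

Browsers differ in how they treat `no-store` responses on back/forward navigation, and a page-cache plugin or CDN in front of WordPress can overwrite these headers, so confirm them in the browser's network panel on the restricted page.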