Forum Replies Created
-
AuthorPosts
-
May 15, 2015 at 1:56 am in reply to: eMember – Browsers' back arrow allows user back into restricted page on logout #70044qcsgroupMember
Thanks for your input wzp. However, I’m not in a position to tell the client to change their theme because a single plugin isn’t working as expected.
Hi admin, Yes i tried logout redirection. I redirected it to the login page on log out as I thought this would force WP eMember to check that the user has logged out. Unfortunately, this didn’t fix the issue.
Is there a way to force the plugin to double check if the user is still logged in on page load/reload?
May 15, 2015 at 1:05 am in reply to: eMember – Browsers' back arrow allows user back into restricted page on logout #70041qcsgroupMemberThis is what I’m trying to achieve:
User1 logs into his restricted page, uploads sensitive files, then logs out without closing his browser.
User2 hops on the same computer and clicks the back arrow on the browser and should then be presented with a login screen and the warning “Please Login to view this content. (Not a member? Join Today!)”.
This is what’s actually happening:
User1 logs into his restricted page, uploads sensitive files then logs out without closing his browser.
User2 hops on the same computer and clicks the back button on the browser and instead of being presented with a login prompt and warning, User2 can now see User1’s sensitive files. This is an obvious security issue.
In your demo page, if User1 were to log in, and logs out afterwards, then User2 jumps on and clicks the back arrow on the browser, he is presented with the login screen and warning “Please Login to view this content. (Not a member? Join Today!)”.
I’ve tried this on Chrome and IE11 and the behavior is the same. Yet on the demo, it works perfectly.
So there must be a check that your demo is doing that the page I’m working on isn’t doing.
May 14, 2015 at 11:40 pm in reply to: eMember – Browsers' back arrow allows user back into restricted page on logout #70039qcsgroupMemberThank you for your quick reply. I understand what you mean. However, I was hoping to achieve the same thing you have on your demo page for WP eMember.
Here’s the link:
Basically what’s happening is, once logged in, and you click “Logout”, if you hit the back arrow on the browser, the plugin forces the user to log back in and doesn’t show a cache’d page.
Could you please advise how I might go about in achieving this?
-
AuthorPosts