This code was leverage here
The code below was used to create users session in Go. The session is working fine.
The issue am having is that after user logout, if I click on browser back button. I can then still see the details of the logout user.
I have leverage stackoverflow solution here but no luck
I have also added the following code to logout handler
w.Header().Set("Cache-Control", "no-cache, private, max-age=0")
w.Header().Set("Pragma", "no-cache")
w.Header().Set("X-Accel-Expires", "0")
here is the code
package main
import (
"fmt"
"net/http"
"github.com/gorilla/sessions"
)
var (
// key must be 16, 24 or 32 bytes long (AES-128, AES-192 or AES-256)
key = []byte("super-secret-key")
store = sessions.NewCookieStore(key)
)
func secret(w http.ResponseWriter, r *http.Request) {
session, _ := store.Get(r, "cookie-name")
// Check if user is authenticated
if auth, ok := session.Values["authenticated"].(bool); !ok || !auth {
http.Error(w, "Forbidden", http.StatusForbidden)
return
}
// Print secret message
fmt.Fprintln(w, "The cake is a lie!")
fmt.Fprintln(w, session.Values["foo"])
}
func login(w http.ResponseWriter, r *http.Request) {
session, _ := store.Get(r, "cookie-name")
// Authentication goes here
// Set user as authenticated
session.Values["authenticated"] = true
session.Values["foo"] = "bar"
session.Values[42] = 43
session.Save(r, w)
fmt.Fprintln(w, session.Values["authenticated"])
fmt.Fprintln(w, session.Values["foo"])
fmt.Fprintln(w, session.Values["2"])
}
func logout(w http.ResponseWriter, r *http.Request) {
session, _ := store.Get(r, "cookie-name")
// Revoke users authentication
session.Values["authenticated"] = false
session.Values["foo"] = ""
session.Values[42] = ""
session.Save(r, w)
// prevent caching
w.Header().Set("Cache-Control", "no-cache, private, max-age=0")
w.Header().Set("Pragma", "no-cache")
w.Header().Set("X-Accel-Expires", "0")
}
func main() {
http.HandleFunc("/secret", secret)
http.HandleFunc("/login", login)
http.HandleFunc("/logout", logout)
http.ListenAndServe(":8000", nil)
}
