dounianxie2058 2016-01-29 14:16

Golang and Gorilla sessions - caching prevents the logout functionality

I've built an application that uses the Go Gorilla sessions package. Everything seems fine, except when on logout I implement

func logout(w http.ResponseWriter, r *http.Request) {
  session, _ := store.Get(r, "authsesh")
  session.Values["access"] = "denied"
  session.Save(r, w)
  http.Redirect(w, r, "/", 302)
  return
}

Because the page requiring authentication is cached by the browser, it can still be accessed after logout. How can I get around that? Is there a way to prevent the browser from caching the page? There's nothing wrong with the cookie; if I clear the cache and keep the cookie, I can see the logout has had the desired effect.


1 answer

  • doudou130216 2016-01-29 14:28

    Set the correct cache headers in your handler(s):

    w.Header().Set("Cache-Control", "no-cache, private, max-age=0")
    w.Header().Set("Expires", time.Unix(0, 0).UTC().Format(http.TimeFormat))
    w.Header().Set("Pragma", "no-cache")
    w.Header().Set("X-Accel-Expires", "0")
    

    Note that we set multiple headers to account for proxies and HTTP/1.0 clients.

    You can wrap these into middleware you can apply as well:

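    func NoCache(h http.Handler) http.Handler {
        fn := func(w http.ResponseWriter, r *http.Request) {
            // Set the headers before the wrapped handler writes the response
            w.Header().Set("Cache-Control", "no-cache, private, max-age=0")
            w.Header().Set("Expires", time.Unix(0, 0).UTC().Format(http.TimeFormat))
            w.Header().Set("Pragma", "no-cache")
            w.Header().Set("X-Accel-Expires", "0")
            // Hand the request on to the wrapped handler
            h.ServeHTTP(w, r)
        }

        return http.HandlerFunc(fn)
    }

    // In your router
    http.Handle("/user-dashboard", NoCache(http.HandlerFunc(YourDashboardHandler)))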
    
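A check to go with the middleware in the answer above, added here as an example that is not part of the original question or answer: it replays a GET against a router and lists the authenticated paths whose responses a browser could still show from cache after logout. The `cacheablePaths` and `demoMux` helpers and the `/user-settings` route are assumptions made for the illustration.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"strings"
	"time"
)

// NoCache is the middleware from the answer, with the four headers filled in.
func NoCache(h http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		w.Header().Set("Cache-Control", "no-cache, private, max-age=0")
		w.Header().Set("Expires", time.Unix(0, 0).UTC().Format(http.TimeFormat))
		w.Header().Set("Pragma", "no-cache")
		w.Header().Set("X-Accel-Expires", "0")
		h.ServeHTTP(w, r)
	})
}

// cacheablePaths (hypothetical helper) sends a GET for each path to h and returns
// the paths whose Cache-Control lacks no-cache/no-store, i.e. still cacheable pages.
func cacheablePaths(h http.Handler, paths []string) []string {
	var bad []string
	for _, p := range paths {
		rec := httptest.NewRecorder()
		h.ServeHTTP(rec, httptest.NewRequest(http.MethodGet, p, nil))
		cc := strings.ToLower(rec.Header().Get("Cache-Control"))
		if !strings.Contains(cc, "no-cache") && !strings.Contains(cc, "no-store") {
			bad = append(bad, p)
		}
	}
	return bad
}

// demoMux builds a constructed router: one route wrapped, one forgotten.
func demoMux() http.Handler {
	page := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		fmt.Fprint(w, "private page")
	})
	mux := http.NewServeMux()
	mux.Handle("/user-dashboard", NoCache(page))
	mux.Handle("/user-settings", page) // hypothetical route, left unwrapped
	return mux
}

func main() {
	fmt.Println(cacheablePaths(demoMux(), []string{"/user-dashboard", "/user-settings"}))
}
```

Run against the real router in a unit test, the same helper catches an authenticated route that was registered without the wrapper.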
