My problem: when a user logs out of my site and presses the back button in the browser, she can still check the previous pages.
I have tried this recipe, "Symfony2 response - Clear cache headers on back button", but nothing happens.
Recipe:

    $response->headers->addCacheControlDirective('no-cache', true);
    $response->headers->addCacheControlDirective('max-age', 0);
    $response->headers->addCacheControlDirective('must-revalidate', true);
    $response->headers->addCacheControlDirective('no-store', true);

My security.yml has these settings in the firewall in charge:

    logout:
        path: mypath_logout
        target: /
        invalidate_session: true

The headers I receive when pressing the logout link:

    object(Symfony\Component\HttpFoundation\ResponseHeaderBag)#429 (5) {
      ["computedCacheControl":protected]=>
      array(5) {
        ["max-age"]=>
        string(1) "0"
        ["must-revalidate"]=>
        bool(true)
        ["no-cache"]=>
        bool(true)
        ["no-store"]=>
        bool(true)
        ["private"]=>
        bool(true)
      }
      ["cookies":protected]=>
      array(0) {
      }
      ["headerNames":protected]=>
      array(2) {
        ["cache-control"]=>
        string(13) "Cache-Control"
        ["date"]=>
        string(4) "Date"
      }
      ["headers":protected]=>
      array(2) {
        ["cache-control"]=>
        array(1) {
          [0]=>
          string(55) "max-age=0, must-revalidate, no-cache, no-store, private"
        }
        ["date"]=>
        array(1) {
          [0]=>
          string(29) "Wed, 18 Nov 2015 11:40:47 GMT"
        }
      }
      ["cacheControl":protected]=>
      array(4) {
        ["max-age"]=>
        string(1) "0"
        ["must-revalidate"]=>
        bool(true)
        ["no-cache"]=>
        bool(true)
        ["no-store"]=>
        bool(true)
      }
    }

I'm using render when the user logs out, this way:

    $response = $this->render('template.html.twig', array(
        'form' => $form->createView(),
    ));

Besides, just in case, I have destroyed the session using plain PHP when logging out:

    unset($_SESSION);
    session_destroy();

Quite an annoying problem this "prevent back-button", spent plenty of time on it :(
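
The headers in the dump above belong to the logout response only; a page that the back button re-displays is governed by the cache headers it was originally served with. As an added example (not part of the original post), a Symfony 2 `kernel.response` listener that applies the recipe's four directives to every response sent within a session; the class, namespace and service names are hypothetical.

```php
<?php
// Added example, not code from the original post.
// Hypothetical names: AppBundle\EventListener\NoStoreForSessionListener and
// the service id below. Written against the Symfony 2.x HttpKernel API.
//
// Registration (services.yml):
//   app.no_store_listener:
//       class: AppBundle\EventListener\NoStoreForSessionListener
//       tags:
//           - { name: kernel.event_listener, event: kernel.response, method: onKernelResponse }

namespace AppBundle\EventListener;

use Symfony\Component\HttpKernel\Event\FilterResponseEvent;

class NoStoreForSessionListener
{
    public function onKernelResponse(FilterResponseEvent $event)
    {
        // Sub-requests (rendered fragments) do not set the final headers.
        if (!$event->isMasterRequest()) {
            return;
        }

        // True when the browser sent a session cookie, i.e. the page was
        // requested inside a session and may contain per-user content.
        if (!$event->getRequest()->hasPreviousSession()) {
            return;
        }

        // Same directives as the recipe, but applied to the pages viewed
        // while logged in instead of to the logout response.
        $headers = $event->getResponse()->headers;
        $headers->addCacheControlDirective('no-cache', true);
        $headers->addCacheControlDirective('max-age', 0);
        $headers->addCacheControlDirective('must-revalidate', true);
        $headers->addCacheControlDirective('no-store', true);
    }
}
```

To check the result, inspect the `Cache-Control` header of a protected page in the browser's network tab while logged in, rather than the header of the logout response.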