If a user logs out of your Ktor app, how do you prevent the browser’s “back button” from letting them back in?
08/06/2020, 1:08 PM
Consider using JWT-based authentication. Your server wouldn't need to know if the user is logged in. You would simply clear the JWT on the client side so that the next time he tries to access a route that requires authentication, it would return a 401 UNAUTHORIZED. On the client side you could decide that 401 should return to the login page.
08/06/2020, 2:46 PM
Also, I’m using session-based authentication, which works fine (throws 401 Unauthorized) whenever a new route request is made. The problem is the history has pages cached, so effectively the back button is not making a new request, and allows the user to see the page.
08/07/2020, 3:49 AM