# ktor
c
If a user logs out of your ktor app, how do you prevent the browser’s “back button” from letting them back in?
a
Consider using JWT-based authentication. Your server wouldn't need to know if the user is logged in. You would simply clear the JWT on the client side so that next time he tries to access a route that requires authentication it would return a 401 UNAUTHORIZED. On the client side you could decide that 401 should return to the login page.
c
How do you clear the JWT on the client side? Like pipe the instruction through a Websocket, which would call some JavaScript on the client side?
Also, I’m using session-based authentication, which works fine (throws 401 Unauthorized) whenever a new route request is made. The problem is the history has pages cached, so effectively the back button is not making a new request, and allows the user to see the page.
m
If it's not enough that the user can't access new stuff, the only way I'm aware of is rewriting the history on client side via JavaScript, but that's not ktor related.
c
right ok.