https://kotlinlang.org logo
#ktor
Title
# ktor
c

codec

08/06/2020, 3:08 AM
If a user logs out of your ktor app, how do you prevent the browser’s “back button” from letting them back in?
a

Alexandre Brown

08/06/2020, 1:08 PM
Consider using JWT based authentication. Your server wouldn't need to know if the user is logged in. You would simply clear the JWT on the client side so that next time he tries to access a route that requires authentication it would return a 401 UNAUTHORIZED. On the client side you could decide that 401 should return to the login page.
c

codec

08/06/2020, 2:46 PM
How do you clear the JWT on the client side? Like pipe the instruction through a Websocket, which would call some JavaScript on the client side?
Also, I’m using session based authentication, which works fine, (throws 401 Unauthorized) whenever a new route request is made. The problem is the history has pages cached, so effectively the back button is not making a new request, and allows the user to see the page.
m

molikuner

08/07/2020, 3:49 AM
If it's not enough that the user can't access new stuff, the only way I'm aware of is rewriting the history on client side via JavaScript, but that's not ktor related.
c

codec

08/08/2020, 6:25 AM
right ok.
2 Views