Session Cakephp在注销后不会使页面过期
我正在学习cakePHP,我已经编写了手册的示例,问题在于UsersController的注销方法,当我按下注销链接时,应用程序将重定向到登录表单,但浏览器的后退按钮允许返回到需要经过身份验证的用户的页面,添加帖子的页面就是一个例子 源代码 UsersController.php PostsController.php AppController.phpSession Cakephp在注销后不会使页面过期,session,cakephp,expired-sessions,Session,Cakephp,Expired Sessions,我正在学习cakePHP,我已经编写了手册的示例,问题在于UsersController的注销方法,当我按下注销链接时,应用程序将重定向到登录表单,但浏览器的后退按钮允许返回到需要经过身份验证的用户的页面,添加帖子的页面就是一个例子 源代码 UsersController.php PostsController.php AppController.php 请从AppController检查beforeFilter函数 您已明确允许通过AuthComponent执行某些操作 public func
请从AppController检查beforeFilter函数 您已明确允许通过AuthComponent执行某些操作
public function beforeFilter() {
$this->Auth->allow('index','view','login','helloajax');
}
因为AppController是由cakephp中的每个控制器扩展的。结果表明,您允许未经验证的用户访问您已创建或将创建的每个控制器的索引、视图、登录等操作 是的,您是对的,但问题是浏览器的“后退”按钮允许返回到需要验证的操作。例如,这发生在需要身份验证的PostsController的Add操作中。
<?php
class PostsController extends AppController {
public $helpers = array('Html', 'Form');
public function isAuthorized($user) {
// All registered users can add posts
if ($this->action === 'add') {
return true;
}
// The owner of a post can edit and delete it
if (in_array($this->action, array('edit', 'delete'))) {
$postId = (int) $this->request->params['pass'][0];
if ($this->Post->isOwnedBy($postId, $user['id'])) {
return true;
}
}
return parent::isAuthorized($user);
}
public function index() {
if ($this->Session->read('userid')) {
$this->set('posts', $this->Post->find('all', array('conditions' => array('Post.user_id' => AuthComponent::user('id')))));
} else {
$this->set('posts', $this->Post->find('all'));
}
}
public function view($id = null) {
if (!$id) {
throw new NotFoundException(__('Invalid post'));
}
$post = $this->Post->findById($id);
if (!$post) {
throw new NotFoundException(__('Invalid post'));
}
$this->set('post', $post);
}
public function add() {
if ($this->Auth->loggedIn()) {
if ($this->request->is('post')) {
$this->request->data['Post']['user_id'] = $this->Auth->user('id');
$this->Post->create();
if ($this->Post->save($this->request->data)) {
$this->Session->setFlash(__('Your post has been saved.'));
return $this->redirect(array('action' => 'index'));
}
$this->Session->setFlash(__('Unable to add your post.'));
}
} else {
return $this->redirect(array('controller' => 'users', 'action' => 'login'));
}
}
public function edit($id = null) {
if (!$id) {
throw new NotFoundException(__('Invalid post'));
}
$post = $this->Post->findById($id);
if (!$post) {
throw new NotFoundException(__('Invalid post'));
}
if ($this->request->is(array('post', 'put'))) {
$this->Post->id = $id;
if ($this->Post->save($this->request->data)) {
$this->Session->setFlash(__('Your post has been updated.'));
return $this->redirect(array('action' => 'index'));
}
$this->Session->setFlash(__('Unable to update your post.'));
}
if (!$this->request->data) {
$this->request->data = $post;
}
}
public function delete($id) {
if ($this->request->is('get')) {
throw new MethodNotAllowedException();
}
if ($this->Post->delete($id)) {
$this->Session->setFlash(
__('The post with id: %s has been deleted.', h($id))
);
return $this->redirect(array('action' => 'index'));
}
}
}
?>
<?php
App::uses('Controller', 'Controller');
/**
* Application Controller
*
* Add your application-wide methods in the class below, your controllers
* will inherit them.
*
* @package app.Controller
* @link http://book.cakephp.org/2.0/en/controllers.html#the-app-controller
*/
class AppController extends Controller {
public $components = array(
'Session',
'Auth' => array(
'loginRedirect' => array('controller' => 'posts', 'action' => 'index'),
'logoutRedirect' => array('controller' => 'users','action' => 'login'),
'authorize' => array('Controller') // Added this line
)
);
public function isAuthorized($user) {
// Admin can access every action
if (isset($user['role']) && $user['role'] === 'admin') {
return true;
}
// Default deny
return false;
}
public function beforeFilter() {
$this->Auth->allow('index','view','login','helloajax');
}
}
?>
public function beforeFilter() {
$this->Auth->allow('index','view','login','helloajax');
}