Laravel 5.4 - Prevent Browser's Back Button Login After Logout

In this tutorial we share a common web security issue in Laravel projects. You may have noticed that once you log in to your Laravel application, log out, and then press the browser's back button, the page you had open before logging out is shown again.

This is bad for security, so how do we fix it in a Laravel application in a simple way? After a user logs out, anyone who presses the browser's back button should not be able to see any of the pages that were open before logout, and should be redirected to the login screen instead. This is much safer.

You can fix this kind of issue with Laravel middleware. Nothing extra is needed: simply add some cache-related headers in a middleware, so that the browser does not keep cached copies of your application's pages after the user logs out.

The issue arises from the browser's caching system: when you visit a page, the browser caches the data from that page. Follow these steps to resolve this Laravel security issue.

Step 1: Create new middleware

You can also add this code to the middleware you already use to check login, but here I create a new one. Create the new middleware with this command.


php artisan make:middleware DisablePreventBack

Step 2: Configure middleware

Your new middleware is created at app/Http/Middleware/DisablePreventBack.php. Open it and configure it like this:


<?php
namespace App\Http\Middleware;
use Closure;

class DisablePreventBack
{
    /**
     * Handle an incoming request.
     * @param  \Illuminate\Http\Request  $request
     * @param  \Closure  $next
     * @return mixed
     */
    public function handle($request, Closure $next)
    {
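        $response = $next($request);

        // Tell the browser not to store or reuse this page, so the back button
        // cannot show it from cache after logout.
        return $response->header('Cache-Control','no-cache, no-store, max-age=0, must-revalidate')
            ->header('Pragma','no-cache')
            ->header('Expires','Sun, 02 Jan 1990 00:00:00 GMT');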
    }
}

Step 3: Register middleware

Now you must register this middleware. Open the app/Http/Kernel.php file and add your middleware at the end of the $routeMiddleware array, like this:


<?php
namespace App\Http;
use Illuminate\Foundation\Http\Kernel as HttpKernel;

class Kernel extends HttpKernel
{
    ........
    ........
    /**
     * The application's route middleware.
     * These middleware may be assigned to groups or used individually.
     * @var array
     */
    protected $routeMiddleware = [
        'auth' => \Illuminate\Auth\Middleware\Authenticate::class,
        'auth.basic' => \Illuminate\Auth\Middleware\AuthenticateWithBasicAuth::class,
        'bindings' => \Illuminate\Routing\Middleware\SubstituteBindings::class,
        'can' => \Illuminate\Auth\Middleware\Authorize::class,
        'guest' => \App\Http\Middleware\RedirectIfAuthenticated::class,
        'throttle' => \Illuminate\Routing\Middleware\ThrottleRequests::class,
        'disablepreventback' => \App\Http\Middleware\DisablePreventBack::class,
    ];
}

Step 4: Use this middleware in routes

Now use this middleware in your routes like this:


Route::group(['middleware' => 'disablepreventback'],function(){
	Auth::routes();
	Route::get('/home', 'HomeController@index');
});
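
To confirm the middleware takes effect, you can audit the response headers of a protected page such as /home. The Python script below is an added example, not part of the original tutorial. Its function names and sample responses are constructed here. It flags a missing no-store directive and misspelled directives such as `nocache`, which caches ignore.

```python
# Added example: audit the cache headers of a page that requires login.
# All sample responses below are constructed for illustration.

# Response directives from RFC 9111 and common extensions; caches ignore anything else.
KNOWN = {
    "no-store", "no-cache", "must-revalidate", "proxy-revalidate", "max-age",
    "s-maxage", "private", "public", "no-transform", "must-understand",
    "immutable", "stale-while-revalidate", "stale-if-error",
}

def parse_headers(raw):
    """Parse a raw header block (status line first) into {lower-name: [values]}."""
    headers = {}
    for line in raw.splitlines()[1:]:
        if not line.strip():
            break  # a blank line ends the header block
        name, _, value = line.partition(":")
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers

def cache_directives(headers):
    """Collect Cache-Control directives from every Cache-Control header line."""
    found = {}
    for value in headers.get("cache-control", []):
        for part in filter(None, (p.strip() for p in value.split(","))):
            key, _, arg = part.partition("=")
            found[key.strip().lower()] = arg.strip().strip('"') or None
    return found

def audit(raw):
    """Return findings for a page that must not be shown again after logout."""
    directives = cache_directives(parse_headers(raw))
    findings = []
    unknown = sorted(set(directives) - KNOWN)
    if unknown:
        findings.append("unrecognised directive(s): " + ", ".join(unknown))
    if "no-store" not in directives:
        findings.append("no-store missing")
    if "public" in directives:
        findings.append("public set on an authenticated page")
    return findings

OK = ("HTTP/1.1 200 OK\r\nCache-Control: no-cache, no-store, max-age=0, must-revalidate\r\n"
      "Pragma: no-cache\r\nExpires: Sun, 02 Jan 1990 00:00:00 GMT\r\n\r\n<html>")
TYPO = "HTTP/1.1 200 OK\r\nCache-Control: nocache, no-store, max-age=0\r\n\r\n"
UNPROTECTED = "HTTP/1.1 200 OK\r\nCache-Control: public, max-age=600\r\n\r\n"

if __name__ == "__main__":
    for name, raw in (("OK", OK), ("TYPO", TYPO), ("UNPROTECTED", UNPROTECTED)):
        print(name, audit(raw) or "no findings")
```

To check your own application, save the headers of a logged-in request to a protected page and pass them to audit().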

We hope this tutorial is helpful to you.