Be part of JetBrains PHPverse 2026 on June 9 – a free online event bringing PHP devs worldwide together.
i add some code in my header to disable browser cache to avoid viewing the pages for logged in users after logging out
TokenMismatchException in E:\XAMPP\htdocs\vendor\laravel\framework\src\Illuminate\Foundation\Http\Middleware\VerifyCsrfToken.php line 46:
Explain the "viewing the pages for logged in users after logging out" part. If someone presses back, they will see the page regardless. Browsers don't have to listen to cache headers.
Surely if you're redirecting home they shouldn't be viewing pages that require auth...
@bashy yes after logging out they are redirected to home but when pressing back they can still view the last page that user viewed. what's the best way to handle that browser issue instead of inserting php code to header to do not cache?
You should use a filter or middleware to handle that. Laravel has a build in filter(Laravel 4: http://laravel.com/docs/4.2/routing) and middelware (Laravel 5: http://laravel.com/docs/5.0/middleware) to handle a redirect when the user is not logged in!
Okay, why is it a problem? Any live AJAX requests or freshly updated data should be protected so going back won't allow them to see anything?
Never thought about it but using no cache isn't reliable.
@blackbird im using the laravel 5 and there's already an authentication for the built, but clicking back button after logging out with that in default isn't good which allows you to view the last page which is home by default. As a beginner without a wide choices doing that would be a problem.
@bashy thanks for reply. im a beginner with laravel please be patient with me, there's no ajax requests yet that im working on, im starting to learn for now the authentication and facebook login integration. i just finished the laravel 5 fundamentals but the browser issue of pressing back button wasn't tackled there.
@dinis I followed the same course and had zero problems!
@blackbird yeah i have zero problem too but try to install a fresh copy of laravel 5, then use the auth/login and auth/register then after that try to log in and log out then press back button
Will do ;)
I don't get the exception, but I am on the logged in page, if I then do something else like refreshing or clicking any link I'm not logged in anymore. I think this is just browser caching since you will be logged out on any refresh. If you go back a step it just fetches the last page from cache.
I don't see a reason why this is wrong and disabling browser cache breaks it because it doesn't cache the required stuff for the page ;)
If you really don't like this you can of course catch the exception and redirect the user to another page ;)
Please or to participate in this conversation.