I am using Moodle 3.1+. In moodle after logging out, if I click the back button of the browser then the previous page is visible. How can I make it inaccessible after logging out? Please help.
I couldn't reproduce this. If I look at a course page then click log out, pressing the back button (in Chrome anyway) does not take me back to the course page.
I wonder if you are seeing a particular set of circumstances? Can you give more detail?
It is even there in the demo site. For example, if I visit the IP blocker page https://demo.moodle.net/admin/settings.php?section=ipblocker and then click the logout button when I click the back button of the browser it shows the IP blocker page in both Chrome and Mozilla.
Hi there,
That sounds like expected behaviour. If you refresh the page after clicking the back button is it still accessible?
Catherine
Hi Catherine,
If a user logout from the message page or any settings page, another user will be able to see the details.
Logging out of Moodle, doesn't clear browser cache/history, etc. Does change the status of cookies and sessions, however. How that behaves could be dependent upon the workstation being used in regards to the network it's connected to. Typical K12 networks a student/user has to login to the network before they can use a browser. User profiles come from a server. Profiles include users browser history, cookies, etc. Once a user logs out of a Moodle, it's only that users info/actions or whatever seen using back arrow. Once user logs out of the network, next person that sits at that computer and logs onto Moodle sees only their profile browser history, etc.
If not on a network like above, then using 'back arrow' will behave differently. LIke a shared computer at a Library or 'coffee shop'. Important for the user to know to logout ... mabye even clearn the browser cache and cookies before leaving that workstation.
So, all that to say ... check your browser settings. And on one computer check all browsers ... they do not share browser settings.
'spirit of sharing', Ken
It is not appropriate to ask the user to clear browser history before leaving. Most of the users won't have that much technical knowledge also. For example, if you log out from Gmail even if you click on the browser back button you will not be able to view the previous page. Actually it is a bug in Moodle.
Then by all means make a tracker entry!
https://tracker.moodle.org/secure/Dashboard.jspa
https://www.codeproject.com/Tips/549347/Browser-Back-Button-Issue-After-Logout
'spirit of sharing', Ken
Hi,
Good day folks!
I'm just new here and I'm thankful for all the insights and help I've got from this forum.
Now I guess its my turn to give back.
I've been also disturbed by this issue, posted above, since it will really cause a big trouble for users especially for the new ones. We are using an authentication plugin called 'lenauth' and we are authenticating through gmail account but restricted only to two domains. Previously when a user authenticates with an email not under the valid domain MOODLE will throw an error then re-authenticating with an email under the valid domain will also return an error which should not be the case. Then I tried reversing the process, authenticating first with the valid email and viola, I got a successful login but then surprisingly logging out of the account then re-authenticating with an email not under the valid domain will still have a successful login but the account is the account under the email with the valid domain. I did further tests until such time I have come to clear browser cache and found out that it was the cache causing the issue. I have search through different forums for various solutions until I've got the following:
Just add these few lines of html code in the index.php file under the login directory of MOODLE:
<meta http-equiv="Cache-Control" content="no-cache, no-store, must-revalidate"/>
<meta http-equiv="Pragma" content="no-cache"/>
<meta http-equiv="Expires" content="0"/>
I'm not really sure if this solution of mine is appropriate but I find it worth sharing.
Thanks.