Django - LogoutView - cache_control - browser's back button has the logged out user's cache

Question

Django 2.1.7

This is for a simple blog with homepage (post list view), post detail view, and profile (post list view)

When a user logs out, LOGOUT_REDIRECT_URL = '/' redirects the user to the homepage.

However, when the user clicks the browser's back button, the previous page still shows all the logged out user's data. When I reload the page, it clears the cache.

when the user's logged in, shows username]

when the user's logged out, shows 'login'

I found a similar question and their answer was to use the cache_control decorator. Django - User re-entering session by clicking browser back button after logging out

@cache_control(no_cache=True, must_revalidate=True, no_store=True)
@login_required

• Would I have to add these decorators to every single view?
• I do not want the @login_required decorator. AnonymousUsers should be able to view all pages without logging in.

What's the best way to do this? Similar to Twitter's logout flow. (user logs out -> login page -> back button -> previous page but reloaded)

urls.py

from django.contrib.auth import views as auth_views
urlpatterns = [
path('logout/', auth_views.LogoutView.as_view(template_name='users/logout.html'), name='logout'),

Answer 1

You can use this code in your views function on the login definition:

def login(request):
    if request.user.is_authenticated:
        return redirect('home')
       
       #ure....code....here

Every time the session expires the user is forced to log out and then after authenticating and logging in to the page the user will visit only authorized contents.

If you use {% if request.user.is_authenticated %} on your HTML page you can restrict them.