When implementing basic sign-in functionality we have to handle the session properly. But even with correct session management, the following sequence still lets anyone at the browser view the user's confidential profile information:
-> Log in to the app
-> Move to the profile page
-> Tap Logout
-> Press the browser's back button
-> The last visited page (the profile page) is displayed again
The browser is showing the page from its own cache, so we need to stop these pages from being cached:
First make sure perform_caching is set to false in development.rb (mobile/config/environments/development.rb):
    config.action_controller.perform_caching = false
Next add a method like the following to application_controller.rb and run it before every action, so that every response tells the browser not to store the page:
    before_filter :set_no_cache
    def set_no_cache
      response.headers["Cache-Control"] = "no-cache, no-store, max-age=0, must-revalidate"
      response.headers["Pragma"] = "no-cache"
      response.headers["Expires"] = "Fri, 01 Jan 1990 00:00:00 GMT"
    end
Now that the page is no longer cached, let's redirect the user back to the root page, because after clicking the browser's back button there is no cached page left to show.
In user_controller.rb (before_filter is called before_action in Rails 4 and later):
    before_filter :check_session, :only => [:show]
In application_controller.rb:
    def check_session
      redirect_to root_path unless current_user
    end
The user is simply redirected to the root / login page, because current_user is no longer set after logout and the profile page is gone from the browser's cache!!!
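To show the two controls working together end to end, here is an added example that is not code from the original post or from the app it describes. It is a minimal Rack-style app in plain Ruby (no Rails or rack gem required): the no-cache headers are merged into every response, like a filter that runs for every action, and the profile route is guarded by a check_session equivalent that redirects to root when no user is in the session. The route names, the user id 42 and env["rack.session"] as the session store are assumptions made for this example.

```ruby
# Added example, not code from the original post: a minimal Rack-style app written in
# plain Ruby (no rack gem or Rails needed) that reproduces the two controls described
# above. The route names, the user id 42 and env["rack.session"] as the session store
# are assumptions made for this example.

# Headers from the post: tell the browser (and any proxy) not to store the response,
# so the back button cannot replay a logged-in page after logout.
NO_CACHE_HEADERS = {
  "Cache-Control" => "no-cache, no-store, max-age=0, must-revalidate",
  "Pragma"        => "no-cache",
  "Expires"       => "Fri, 01 Jan 1990 00:00:00 GMT",
}.freeze

class ProfileApp
  ROOT_PATH = "/"

  # Rack entry point: env is the request, the return value is [status, headers, body].
  def call(env)
    session = env["rack.session"] ||= {}        # a session middleware would supply this
    status, headers, body = route(env["REQUEST_METHOD"], env["PATH_INFO"], session)
    [status, set_no_cache(headers), body]       # like a before_filter that runs for every action
  end

  private

  def route(method, path, session)
    case [method, path]
    when ["GET", ROOT_PATH]
      html(200, "login page")
    when ["POST", "/login"]
      session[:user_id] = 42                    # constructed sample user
      redirect("/profile")
    when ["POST", "/logout"]
      session.clear                             # nothing identifying the user survives logout
      redirect(ROOT_PATH)
    when ["GET", "/profile"]
      check_session(session) || html(200, "profile of user #{session[:user_id]}")
    else
      html(404, "not found")
    end
  end

  # Equivalent of the post's check_session filter on the show action:
  # returns a redirect to root when no user is logged in, nil otherwise.
  def check_session(session)
    redirect(ROOT_PATH) unless session[:user_id]
  end

  def set_no_cache(headers)
    headers.merge(NO_CACHE_HEADERS)
  end

  def html(status, text)
    [status, { "Content-Type" => "text/html" }, [text]]
  end

  def redirect(location)
    [302, { "Location" => location }, []]
  end
end

# Drives one browser session through the sequence from the post: log in, view the
# profile, log out, then request the profile again (what the back button does once
# the page is no longer served from the browser cache). Returns both profile responses.
def back_button_walkthrough
  app = ProfileApp.new
  session = {}                                  # one cookie-backed session shared across requests
  req = lambda do |method, path|
    app.call("REQUEST_METHOD" => method, "PATH_INFO" => path, "rack.session" => session)
  end

  req.call("POST", "/login")
  before_logout = req.call("GET", "/profile")
  req.call("POST", "/logout")
  after_logout = req.call("GET", "/profile")
  { before_logout: before_logout, after_logout: after_logout }
end

if __FILE__ == $PROGRAM_NAME
  back_button_walkthrough.each do |name, (status, headers, body)|
    puts "#{name}: #{status} #{headers["Location"]} #{body.join} | Cache-Control: #{headers["Cache-Control"]}"
  end
end
```

Running the file prints the profile response before logout (200 with the profile body) and after logout (302 to /), and both carry the no-store headers. The point to keep in mind is that the headers do the work on the browser side, while check_session does the work on the server side: if you keep only the redirect, the browser can still replay the stored page without ever contacting the server.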