Hi, the logout function doesn’t appear to work as it should. All a user needs to do is go back in their browser and they are logged in still.
I’ve found mentions of this in the forum going back a while now, I’ve tried some of the ideas but they haven’t worked.
Does anyone know when/if this flaw will be resolved or of a workaround to solve the problem now?
Thanks
Hi @MarkLanz,
Could you please provide more info, why do you think that logout is not working? May be you can do screen recording showing this?
It is true that user can click “back” in the browser after action “Log Out”. But user is not logged in at that stage. You can check this easily by adding a label with user email to the screen, and see what will be the value there, or try to update some logged-in user property value (it will not update).
For protection I would recommend adding a on-screen-enter action, linking to some “Please log in” screen. Action should be conditional, happen if logged-in user email is equal to empty.
Best regards, Victor.
@Victor, thanks, I will try those out. From what you have said re being able to use the back button after log out, am I correct in my understanding that if a user logged out and then left their phone/browser open, someone else could simply press the back button to see the protected content?
If the answer is yes, than I assume I’d have to add an on-screen action you mentioned to every screen, correct? Thank you!
Hi @MarkLanz,
Unfortunately (from a security perspective), your understanding is correct. That’s why I suggest implementing additional security measures like on-screen-enter actions. In addition you can check the user role/email and hide the screen content.
This video might be interesting for you: Adalo tutorials: admin and user access to different screens. UPDATE in the description - YouTube
Best regards, Victor.
Thanks, @Victor. Much appreciated.
This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.