It has been quite a while since I first faced a particular issue in Rails: the browser revalidates the page on each request, which is a good sign, until someone hits the back button and reloads the page. This time the browser won't revalidate the request; it will simply load the page from its cache.
This matters when you are dealing with critical information, as it can lead to serious information leaks, especially when a user logs out of the browser / application and someone else takes the same machine and tries to access the page from the history. When a new user visits the page from history, the browser won't revalidate the request and will load the page from the cache, as stated above. Besides, if there is an advanced hacker in place, he can even decrypt the browser's cache files and gain access to the critical information.
However, I recently came across a blog post from Greg Molnar, which indeed helped to resolve the above issue.
To resolve the issue, you can explicitly set the 'Cache-Control' header in the app with a before filter:
response.headers['Cache-Control'] = 'no-cache, no-store'
From then on, whenever you display sensitive information, you can call this filter in each controller that needs it. Alternatively, you can ask users at sign-in whether they are on a public or a private computer and set the cache header based on their choice.
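Both options described above can also be applied in one place, as an added example that is not from the original post or from Greg Molnar's blog. It is written as a Rack middleware in plain Ruby rather than a controller filter so that it runs on its own; the path prefixes, the 'public_computer' session flag and the demo app are assumptions made for the illustration.

```ruby
# Rack middleware in plain Ruby (a Rails app is a Rack app); no gems needed.
class NoStoreForSensitivePages
  NO_STORE = 'no-cache, no-store'.freeze # header value from the post

  # sensitive_prefixes: hypothetical paths that display private data
  def initialize(app, sensitive_prefixes: ['/account', '/statements'])
    @app = app
    @sensitive_prefixes = sensitive_prefixes
  end

  def call(env)
    status, headers, body = @app.call(env)
    if no_store?(env)
      # Header names are case-insensitive: drop any existing variant first,
      # so the response never carries two conflicting Cache-Control values.
      headers = headers.reject { |name, _| name.casecmp?('cache-control') }
      headers['cache-control'] = NO_STORE
    end
    [status, headers, body]
  end

  private

  def no_store?(env)
    session = env['rack.session'] || {}
    # 'public_computer' is an assumed flag stored from the sign-in question
    return true if session['public_computer']

    path = env['PATH_INFO'].to_s
    @sensitive_prefixes.any? { |p| path == p || path.start_with?("#{p}/") }
  end
end

# Constructed downstream app: every page is privately cacheable.
DEMO_APP = lambda do |_env|
  [200, { 'Content-Type' => 'text/html',
          'Cache-Control' => 'max-age=0, private, must-revalidate' }, ['ok']]
end

# Returns the Cache-Control value the browser would receive for a request.
def cache_control_for(path, session = {})
  env = { 'PATH_INFO' => path, 'rack.session' => session }
  _status, headers, _body = NoStoreForSensitivePages.new(DEMO_APP).call(env)
  headers.find { |name, _| name.casecmp?('cache-control') }&.last
end
```

Matching on a whole path segment keeps an unrelated page such as /accounting from being treated as sensitive just because it shares a prefix with /account.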
Knowledge Source: Greg Molnar – www.greg.molnar.io