Clearing network history on a redirect


#1

Hi,

I currently have a login system that posts a username and password to my backend for verification. The issue is that this request stays in the networks tab of the history. Is there a way to redirect without persisting this information?

I believe this is a consequence of Ember handling the transition. I have considered recreating the login form with simple HTML and JS that will post to an endpoint.


#2

I assume you mean the browser inspector? You could do a refresh after login, but then you need to persist the user information in some other way (localStorage, etc.) so the refreshed page can validate the user as logged in (and make sure you clear that on logout or earlier). But that isn’t foolproof: if the user has checked the checkbox in the Network tab to “Preserve Log”, a refresh isn’t going to clear it out.

If the issue is that it is in plain text, you could do basic client-side encryption and then decrypt it on the server. It isn’t really adding much additional security (client-side encryption isn’t secure, obviously), but it would stop basic snooping.

Recreating as a simple HTML/JS page would not “solve” the issue (see “Persist Log” note above), but I’m not really sure it is an issue. If the user is at a public machine, closing the tab eliminates the history you are referring to. And if it’s a personal machine, and it is compromised or in a nefarious person’s hands (i.e. not the user’s), then they have WAY more issues than whether the password can be found in the network panel. That person could install malware, keystroke loggers or any manner of other things if they have access to the device at the level they’d need in order to view the network panel.
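
The refresh-after-login approach from reply #2, as an added example that is not part of the original thread: only a server-issued token is persisted, the reloaded page validates it, and it is cleared on logout or earlier when it has expired. The storage key, the `/api/login` path and the `{ token, expiresAt }` response shape are assumptions.

```javascript
// Added example. The storage key, the /api/login path and the
// { token, expiresAt } response shape are assumptions, not from the thread.
const SESSION_KEY = "session";

// Persist only a server-issued token and its expiry (ms since epoch).
// The password is never written to storage.
function saveSession(storage, { token, expiresAt }) {
  storage.setItem(SESSION_KEY, JSON.stringify({ token, expiresAt }));
}

// Run at startup after the reload. Returns the session, or null when it is
// missing, malformed or expired; stale entries are removed before logout.
function loadSession(storage, now = Date.now()) {
  const raw = storage.getItem(SESSION_KEY);
  if (raw === null) return null;
  try {
    const s = JSON.parse(raw);
    if (typeof s.token === "string" && typeof s.expiresAt === "number" &&
        s.expiresAt > now) {
      return s;
    }
  } catch (_) {
    // malformed or non-object JSON: fall through and clear it
  }
  storage.removeItem(SESSION_KEY);
  return null;
}

// Logout: drop the persisted session.
function clearSession(storage) {
  storage.removeItem(SESSION_KEY);
}

// Post the credentials, persist the returned session, then hard-reload.
// fetchFn, storage and reload are injected, e.g. fetch, sessionStorage and
// () => window.location.reload() in a browser.
async function login(username, password, { fetchFn, storage, reload }) {
  const res = await fetchFn("/api/login", {
    method: "POST",
    headers: { "Content-Type": "application/json" },
    body: JSON.stringify({ username, password }),
  });
  if (!res.ok) return false;
  saveSession(storage, await res.json());
  reload();
  return true;
}
```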