当用户单击后退"按钮时，他们实际上未登录，只是浏览器呈现了它的内容从先前的网页浏览中缓存.用户无法进行导航或与需要他们登录的任何内容进行交互，因为在服务器上您的应用程序未通过身份验证.

When the user clicks the back button they're not actually logged in, its just the browser rendering what it has cached from previous page views. The user won't be able to navigate or interact with anything that requires them to be logged in because, to your application on the server, they're not authenticated.

当用户单击后退按钮时，您无法控制它，因为它不会向服务器发出请求.

When the user clicks the back button you have no control over that as it doesn't make a request to the server.

使用后退按钮，他们将只能查看登录时已经访问的内容.如果他们尝试访问任何新内容，则将向您的应用程序(中间件)提出新请求将会触发并将他们重定向到登录页面.

Using the back button, the only content they'll be able to view is that what they have already visited whilst logged in. If they try to access anything new, they'll make a new request to your application, your middleware will trigger and redirect them to the login page.

我想如果您真的想停止这种行为，则可以使用一些JavaScript之类的方法来发送ajax请求并检查用户是否以这种方式登录，但是从安全角度来看却毫无用处.

I guess if you really wanted to stop this behavior you could use some JavaScript and such to send an ajax request and check if the user is logged in that way, but quite useless from a security point of view.