当用户点击后退按钮时，他们没有实际登录，它只是浏览器呈现它所拥有的缓存从以前的页面视图.用户将无法浏览任何需要他们登录的内容或与之交互，因为对于服务器上的应用程序，他们没有经过身份验证.

When the user clicks the back button they're not actually logged in, its just the browser rendering what it has cached from previous page views. The user won't be able to navigate or interact with anything that requires them to be logged in because, to your application on the server, they're not authenticated.

当用户点击返回按钮时，您无法控制它，因为它不会向服务器发出请求.

When the user clicks the back button you have no control over that as it doesn't make a request to the server.

使用后退按钮，他们唯一能够查看的内容是他们在登录时已经访问过的内容.如果他们尝试访问任何新内容，他们会向您的应用程序、您的中间件发出新请求将触发并将它们重定向到登录页面.

Using the back button, the only content they'll be able to view is that what they have already visited whilst logged in. If they try to access anything new, they'll make a new request to your application, your middleware will trigger and redirect them to the login page.

我想如果你真的想阻止这种行为，你可以使用一些 JavaScript 等来发送一个 ajax 请求并检查用户是否以这种方式登录，但从安全的角度来看毫无用处.

I guess if you really wanted to stop this behavior you could use some JavaScript and such to send an ajax request and check if the user is logged in that way, but quite useless from a security point of view.