I have a Go + HTMX web app. On the Login page, there’s a form that sends a POST request to the /login route, which is guarded by a middleware, which checks if the user is already logged in, and if that’s the case, redirects them to the Dashboard page.
The post /login handler, adds an HX-Location header, set to /dashboard, so that on successful login, the user is taken straight to the Dashboard page.
The problem is that if after login, the browser’s back button is pressed, the user is taken back to the Login page. Normally that’s guarded by the middleware, but since HTMX saves the page into localStorage, the browser doesn’t make a new request to the server, and instead serves the page from the localStorage, and so the guard isn’t implemented.
What’s the best way to work around this?