Safari on iOS: Using the browser back button after redirect reveals full post content #70
Description
Describe the bug
When using the Limit Post Views Add On on a mobile device (Safari on iOS), users can bypass the view restriction by pressing the browser's back button after being redirected to the “no access” message page.
After the redirect occurs, tapping “back” loads the previously viewed post directly from Safari’s cache, allowing the full content to display—even though the user has exceeded their allowed post views.
This behavior appears limited to Safari on iOS devices.
A developer suggested that forcing a page reload via JavaScript could resolve this issue, since it seems to be Safari-specific caching behavior.
To Reproduce
Steps to reproduce the behavior:
- On an iOS device, open Safari.
- Visit a restricted post on a site using the Limit Post Views Add On.
- Exceed your allowed view limit to trigger the redirect to the “no access” page.
- Tap the Back button in Safari.
- Observe that the full post content is shown again, despite the limit being reached.
Screenshots
Video Available in Slack
Expected behavior
After the redirect occurs, pressing the browser back button should not reveal the restricted post content.
Instead, the user should either:
Stay on the “no access” message page, or
Be redirected again if Safari attempts to load the cached post view.
Isolating the problem (mark completed items with an [x]):
- [ x] I have deactivated other plugins and confirmed this bug occurs when only Paid Memberships Pro plugin is active.
- [x ] This bug happens with a default WordPress theme active, or Memberlite.
- [ x] I can reproduce this bug consistently using the steps above.
WordPress Environment
WP 6.8.3
PMPro 3.6.3
LPV 1.0.2