
 Security hole?

montymoose


Posts: 85
Posted: 07/01/2004, 9:26 AM

Hi,

Wondered whether anyone could help me. Either I’m being daft, or there is a bit of a security problem with logging out.

After clicking logout, you can log straight back in again by pressing the browser back button or clicking the history item in your browser’s history. Is there no way of ending the session when a user clicks logout, so if he/she then clicks ‘back’ it brings up the login page again - asking them to login again??

Thanks
peterr


Posts: 5971
Posted: 07/01/2004, 11:42 AM

The session is ended when users log out; however, the browser may still cache the previous pages.
ASP enables the caching automatically; in PHP you can control it through the "Improved HTTP Caching" property of the project. Not sure how .NET and Java handle this.
Usually you can refer to the documentation of that specific technology, or use META tags in the HTML to force specific caching.
_________________
Peter R.
YesSoftware Forums Moderator
For product support please visit http://support.yessoftware.com
Don Safar
Posted: 07/02/2004, 7:54 AM

In PHP, I redirect logout to my home page, which has the logout function enabled.
If I click on the browser back button, it sends me to the login page. (I am not
using the "Improved HTTP Caching" option in CodeCharge.)

"montymoose" <montymoose@forum.codecharge> wrote in message
news:240e43b36244a5@news.codecharge.com...
> Hi,
>
> Wondered whether anyone could help me. Either I'm being daft, or there is a bit
> of a security problem with logging out.
>
> After clicking logout, you can log straight back in again by pressing the
> browser back button or clicking the history item in your browser's history. Is
> there no way of ending the session when a user clicks logout, so if he/she then
> clicks 'back' it brings up the login page again - asking them to login again??
>
> Thanks
> ---------------------------------------
> Sent from YesSoftware forum
> http://forums.codecharge.com/
>

montymoose


Posts: 85
Posted: 07/02/2004, 10:14 AM

Thanks people - one learns something new every day! ;-)
S.J. Lim
Posted: 07/07/2004, 8:22 PM

Quote Don Safar:
In php, I redirect logout to my home page which has logout function enabled.

How do you enable the logout function?
Don Safar
Posted: 07/08/2004, 11:40 AM

In the project explorer, select the form that you wish to add the logout
action to. In the toolbox select Authentication Builders (under Builders
tab). Select the "Logout Action on this Page" radio button, then click
finish. When you redirect here with Logout, the logout action will be
performed which will clear all session variables associated with login.

<S.J.Lim@forum.codecharge (S.J. Lim)> wrote in message
news:240ecbe0683d7e@news.codecharge.com...
> Quote Don Safar:
> In php, I redirect logout to my home page which has logout function enabled.
>
> How do you enable the logout function?
> ---------------------------------------
> Sent from YesSoftware forum
> http://forums.codecharge.com/
>

bigtoe

Posts: 115
Posted: 01/16/2005, 3:09 AM


For the users I work with, we agreed on this - when the Logout
link is clicked - it actually Closes the current browser
window - unconditionally.

Other open browser windows stay open.

But if the current browser window is gone, so is its Back button.
It may be too harsh for some people.

The basic HTML code for it:

<INPUT TYPE="button" VALUE="This button Closes the current window." onClick="window.opener=null;window.close();">

Data cached on the hard disk might still be there but here
we just wanted to deal with the obvious Back button issue.

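The two halves of the fix discussed in this thread (ending the session on the server, and stopping the browser from replaying stored copies of protected pages) can be written in plain PHP as below. This is an added example, not part of any post and not CodeCharge-generated code; the function names, the `user_id` session key and `login.php` are assumptions.

```php
<?php
// Added example; function names, the 'user_id' session key and login.php
// are assumptions, not CodeCharge's own identifiers.

// Tell the browser and any proxy not to store the response, so Back or
// History has to re-request the page instead of showing a saved copy.
function send_no_store_headers(): void
{
    header('Cache-Control: no-store, no-cache, must-revalidate, max-age=0');
    header('Pragma: no-cache');   // HTTP/1.0 clients and proxies
    header('Expires: 0');         // invalid date, treated as already expired
}

// Call at the top of every page that requires a login, before any output.
function require_login(): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    send_no_store_headers();
    if (empty($_SESSION['user_id'])) {
        // No valid session: a re-requested page lands on the login form.
        header('Location: login.php');
        exit;
    }
}

// Logout: clear server-side state and expire the session cookie.
function logout(): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    $_SESSION = [];                       // drop all session variables
    if (ini_get('session.use_cookies')) {
        $p = session_get_cookie_params();
        setcookie(session_name(), '', time() - 42000,
            $p['path'], $p['domain'], $p['secure'], $p['httponly']);
    }
    session_destroy();                    // remove the server-side session data
    send_no_store_headers();
    header('Location: login.php');
    exit;
}
```

With `no-store` sent on protected pages, the Back button triggers a new request, and `require_login()` redirects it because the session no longer exists.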
