montymoose
Posts: 85
Posted: 11/11/2004, 4:26 AM
If you’re using SSL encryption don’t bother reading this – you are still secure…
####################################
However, if like me (and most other CodeCharge Studio users) you rely on the usual login and logoff + HTTP Caching set to ‘no’, THIS IS FOR YOU!
I have a site with a secure area – on Internet Explorer and Mozilla everything works fine – you click logoff and then can’t get back in. However, in Safari and OmniWeb (browsers on Apple Mac’s OS – OS X) the back button takes you straight back in – no matter if you’ve pressed logout or not.
Any suggestions on how to fix this?
Thanks
##################################
If someone has already fixed this and I haven't noticed the post - I apologise! :-s
peterr
Posts: 5971
Posted: 11/11/2004, 3:51 PM
There is nothing to fix since this is not a problem or bug.
I just signed up for Google AdWords (I don't use GMail), I logged in, then I viewed some private page that requires login, then I logged out, then I pressed the Back button to come back to the private Google AdWords page, and I could still see it even though I was no longer logged in. And I used IE 6.0 on Windows.
So if Google doesn't think that this is a problem that needs a fix, then why do you think that it is an important security problem? And why should it be fixed?
I think that it is your choice how you implement your logout functionality.
Let me also add that some previous version of CCS was working a little differently and each page was always refreshed - an important performance issue. This was fixed and now you can select in project properties if you want to use "Improved HTTP Caching" or not.
This is not related to security, but of course your example is one area where this option can affect you.
I will change your subject title since I don't see a reason to alarm people about a security issue that doesn't exist.
_________________
Peter R.
YesSoftware Forums Moderator
For product support please visit http://support.yessoftware.com
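
An added example, not part of either post and not CodeCharge Studio code: a check of the caching headers a members-only page sends, showing which responses a browser may redisplay after logout without asking the server. The paths and header sets are constructed samples, and the function names are hypothetical.

```python
# Added example: classify what Cache-Control (RFC 9111) lets a cache do
# with a response. Back-button history is separate from the HTTP cache
# (RFC 9111 section 6), so browsers differ in how they apply these
# directives to it, as the thread above observes.

def parse_cache_control(value):
    """Split a Cache-Control value into {directive: argument-or-None}."""
    directives = {}
    for part in value.split(","):
        name, _, arg = part.strip().partition("=")
        if name:
            directives[name.strip().lower()] = arg.strip().strip('"') or None
    return directives

def classify(headers):
    """Return 'not-stored', 'revalidate', 'fresh' or 'heuristic'."""
    lowered = {k.lower(): v for k, v in headers.items()}
    cc = parse_cache_control(lowered.get("cache-control", ""))
    if "no-store" in cc:
        return "not-stored"   # caches must not keep any copy
    if "no-cache" in cc:
        return "revalidate"   # copy kept, but server is asked before reuse
    max_age = cc.get("max-age")
    if max_age is not None and max_age.isdigit():
        # max-age=0 is stale at once, so reuse needs validation
        return "fresh" if int(max_age) > 0 else "revalidate"
    return "heuristic"        # nothing stated; the cache decides for itself

def reusable_after_logout(pages):
    """Paths whose stored copy can be shown without a server round trip."""
    return sorted(path for path, headers in pages.items()
                  if classify(headers) in ("fresh", "heuristic"))

# Constructed sample responses for pages behind a login.
SAMPLE_PAGES = {
    "/members/account": {"Cache-Control": "no-store"},
    "/members/orders":  {"Cache-Control": "private, no-cache"},
    "/members/profile": {"Cache-Control": "private, max-age=600"},
    "/members/report":  {"Content-Type": "text/html"},
}

if __name__ == "__main__":
    for path, headers in SAMPLE_PAGES.items():
        print(f"{path:18} {classify(headers)}")
    print("reusable after logout:", reusable_after_logout(SAMPLE_PAGES))
```

For pages classified `revalidate`, the server sees a request after logout and can answer with its login redirect instead of the private page.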