How to open a secure aspx page in a window without 'chrome'

[Guest]

Hi,
I am hoping this is a foolish or simple question.
I am creating a multiuser app. consisit of a login page and a dataentry
page. If the user leaves the data entry page (other than exiting the
browser). I want them to 'have' to go back through the login screen and
re-login.

My problem is the browser's (IE 6) Back and Forward buttons.
If the user clicks the Back button from the data entry screen they go to the
login in screen and if they click the Forward button from there, they arrive
at the data entry screen without loggin in.
I have tried messing with cache and cannot seem to prevent this.

For now I have them enter the app via a html page (splach screen) which then
does an open.window to launch the app in a chrome-less window. Works great,
but I have the initial splash screen html page still open.

All suggestions are appreciated! I know I must be missing something in the
security concept.

 

[Daniel Fisher\(lennybacon\)]

have you ever hit [alt] + [arrow left] ?

what you can do is call

opener.close();

maybe...

 

[Guest]

Thank you for your response.

I put opener.close() in today.
It does what I want, if I could just get rid of the 'are you sure' message.

Learn something new everyday. I had never used Alt + arrow R/L before. I
am working on a limited user intra net app. and I suspect most (none) know of
the keyboard shortcut either.

have you ever hit [alt] + [arrow left] ?

what you can do is call

opener.close();

maybe...

--
Daniel Fisher(lennybacon)
MCP ASP.NET C#
Blog: http://www.lennybacon.com/

Hi,
I am hoping this is a foolish or simple question.
I am creating a multiuser app. consisit of a login page and a dataentry
page. If the user leaves the data entry page (other than exiting the
browser). I want them to 'have' to go back through the login screen and
re-login.

My problem is the browser's (IE 6) Back and Forward buttons.
If the user clicks the Back button from the data entry screen they go to
the
login in screen and if they click the Forward button from there, they
arrive
at the data entry screen without loggin in.
I have tried messing with cache and cannot seem to prevent this.

For now I have them enter the app via a html page (splach screen) which
then
does an open.window to launch the app in a chrome-less window. Works
great,
but I have the initial splash screen html page still open.

All suggestions are appreciated! I know I must be missing something in
the
security concept.

 

[Guest]

For those who may be interested, my real problem was the the back button
bypassing authentication.

The finall resolution was to disable Caching in code on the Form_Load event
(it must run on every form load event); and to compare time stamps (one in
view state and one in Session State) in the form load event to verify they
are the same.
Works great (Ref: Murach's ASP.Net, Chapter 19, "Back-Button Control")

Disable Cache on Form_Load event
Response.Cache.SetCacheability(HttpCacheability.NoCache)
Response.Cache.SetExpires(Now().AddSeconds(-1)
Response.Cache.SetNoStore()
Response.AddHeader("Pragma", "no-cache")

If IsExpired() then
Response.Redirect("expired.aspx")
Else
SaveTimeStamps()
End If


Private Function IsExpired() as Boolean
If Session("Doc_TimeStamp") Is Nothing then
return False
elseif ViewState("TimeStamp") Is Nothing then
return False
elseif ViewState("TimeStamp").ToString = Session("Doc_TimeStamp").ToString
then
return False
else
return True
End If
End Function

Private Sub SaveTimeStamps()
Dim dTime as DateTime = Now()
ViewState.Add("TimeStamp"), dTime)
Session.Add("Doc_TimeStamp"), dTime)
End Sub

Hope this helps someone else.

Thank you for your response.

I put opener.close() in today.
It does what I want, if I could just get rid of the 'are you sure' message.

Learn something new everyday. I had never used Alt + arrow R/L before. I
am working on a limited user intra net app. and I suspect most (none) know of
the keyboard shortcut either.

have you ever hit [alt] + [arrow left] ?

what you can do is call

opener.close();

maybe...

--
Daniel Fisher(lennybacon)
MCP ASP.NET C#
Blog: http://www.lennybacon.com/

Hi,
I am hoping this is a foolish or simple question.
I am creating a multiuser app. consisit of a login page and a dataentry
page. If the user leaves the data entry page (other than exiting the
browser). I want them to 'have' to go back through the login screen and
re-login.

My problem is the browser's (IE 6) Back and Forward buttons.
If the user clicks the Back button from the data entry screen they go to
the
login in screen and if they click the Forward button from there, they
arrive
at the data entry screen without loggin in.
I have tried messing with cache and cannot seem to prevent this.

For now I have them enter the app via a html page (splach screen) which
then
does an open.window to launch the app in a chrome-less window. Works
great,
but I have the initial splash screen html page still open.

All suggestions are appreciated! I know I must be missing something in
the
security concept.