Security

I

Indu

Hi,

I have an application which runs with secure access. User logs in,
uses the services, and logs out. After logging out, if the user click
the back button, it actually takes them to that page. How can I
prevent this?

Is there a way, that if the person clicks the back button or access a
browser history, how can I make sure that the latest page is displayed
instead of just the cache. Or, clicking the back/history should
refresh that page.

If this is in any FAQs, could anyone direct me to the right one.

thanks,

Indu
 
T

Thomas 'PointedEars' Lahn

Indu said:
I have an application which runs with secure access. User logs in,
uses the services, and logs out. After logging out, if the user click
the back button, it actually takes them to that page. How can I
prevent this?
Click to expand...

Use POST requests and server-side sessions.

Google is your friend. [psf 6.1]


PointedEars
 
I

Indu

I am using POST request, and server side sessions. When you click
back/next buttons on the browser, no request is made, and the browser
shows the page.

Is there a way to refresh/reload the page when a person clicks a back
button?

thanks,

Indu
 
E

Evertjan.

Indu wrote on 30 jan 2006 in comp.lang.javascript:
I am using POST request, and server side sessions. When you click
back/next buttons on the browser, no request is made, and the browser
shows the page.
Click to expand...

Please quote what you are replying to.

If you want to post a followup via groups.google.com, don't use the
"Reply" link at the bottom of the article. Click on "show options" at the
top of the article, then click on the "Reply" at the bottom of the article
headers. said:
Is there a way to refresh/reload the page when a person clicks a back
button?
Click to expand...

No.
 
T

Thomas 'PointedEars' Lahn

Indu said:
I am using POST request, and server side sessions. When you click
back/next buttons on the browser, no request is made, and the browser
shows the page.
Click to expand...

Not here.
Is there a way to refresh/reload the page when a person clicks a back
button?
Click to expand...

No.


PointedEars
 
T

Thomas 'PointedEars' Lahn

Jasen said:
don't use HTTP for your security. (implement a login form...)
Click to expand...

That is not possible with a Web application. HTTPS, which you probably
mean, is merely HTTP over SSL/TLS.


PointedEars
 
T

Thomas 'PointedEars' Lahn

Jasen said:
no, not what I mean at all, I mean don't use HTTP authenticcation. use a
login form and a server based session.
Click to expand...

However, this recommendation is not well founded. In fact, HTTP
Authentication provides less attack points than server-side programming
does, and it does not require server-side programming. Both approaches
have their drawbacks, of course.

Still, I wonder how you got the idea that the OP is using HTTP
Authentication in the first place.


PointedEars
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Problem with a login script, SESSION user rights and put this together so it works with the other pages and MySQL. Code examples. 2
Partially completed coding of loop script, need help finishing. 0
Only one table shows up with the information 2
Login form no longer working 2
JS querySelector addEventListenerer index getElementsByClassName parent div only 1
Security error" code: "1000 8
Need help again please 19
Matrix API and Google TTS Integration with location tracker in android app 0

Members online

Total: 24 (members: 1, guests: 23)
Robots: 206

Forum statistics

Threads
473,773
Messages
2,569,594
Members
45,122
Latest member
VinayKumarNevatia_

Latest Threads

Top