struts-user mailing list archives

From Paweł Wielgus <poulw...@gmail.com>
Subject Re: Back button after log out should not show secure content.
Date Tue, 09 Nov 2010 17:02:35 GMT
Hi all,
You can read some old tests about this problem here:
http://poulwiel.blogspot.com/2009/01/browser-back-button-and-caching-problem.html
maybe they will help You.

Best greetings,
Paweł Wielgus.


2010/11/9 Maurizio Cucchiara <maurizio.cucchiara@gmail.com>:
> Probably I'm wrong, but don't you achieve this by disabling browser
> caching via http headers?
>
> 2010/11/9 Ken McWilliams <ken.mcwilliams@gmail.com>:
>> I know it depends on the browser but this is a best effort thing and am
>> looking for input on my current plan.
>>
>> When user signs on send the current date/time of the client along with
>> credentials and record the offset in the session (if any).
>>
>> All subsequent pages will have a hidden date/time field.  On page load
>> check that this field is within a small time frame (30 seconds), if it
>> is not then reload the page.
>>
>> Are there any tools for struts2 or methods other struts programmers use
>> to address security after signing out?
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
>> For additional commands, e-mail: user-help@struts.apache.org
>>
>>
>
>
>
> --
> Maurizio Cucchiara



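The HTTP-header approach suggested in the thread, as an added example that is not part of the original messages or of Struts itself: a servlet filter that marks secured responses as non-storable and refuses requests without a logged-in session, so a back-button reload goes to the server and is redirected. It assumes the javax.servlet API and a mapping that covers only secured URLs; the session attribute name `user` and the path `/login.action` are hypothetical.

```java
import java.io.IOException;
import javax.servlet.*;
import javax.servlet.http.*;

// Map this filter to secured URL patterns only (not to the login page),
// otherwise the redirect below would loop.
public class SecurePageFilter implements Filter {
    private static final String USER_ATTR = "user";            // hypothetical session key
    private static final String LOGIN_PATH = "/login.action";  // hypothetical login URL

    public void init(FilterConfig config) { }
    public void destroy() { }

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;

        // Set the headers before the chain runs so they are in place
        // before the response is committed.
        // no-store: the browser must not keep a copy to show on "back".
        response.setHeader("Cache-Control", "no-store, no-cache, must-revalidate");
        response.setHeader("Pragma", "no-cache");   // HTTP/1.0 caches
        response.setDateHeader("Expires", 0L);      // already expired

        // The headers only force a new request; the server-side check is what
        // denies it. The logout action must call session.invalidate().
        HttpSession session = request.getSession(false);
        if (session == null || session.getAttribute(USER_ATTR) == null) {
            response.sendRedirect(request.getContextPath() + LOGIN_PATH);
            return;
        }
        chain.doFilter(request, response);
    }
}
```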