Click here to get back home

Deactivate the effect of back button
 HomeNewsGroups | Search | About
Login Password
Register Now! Lost Password?
 comp.infosystems.www.authoring.html    Post an article   get this group's latest topics as an RSS feed add this group's latest topics to your My MSN content add this group's latest topics to your My Yahoo content
Subject Author Date
Deactivate the effect of back button Catalin Lungu 11-15-2005
Get Chitika Premium
Posted by Catalin Lungu on November 15, 2005, 8:48 am
Please log in for more thread options

Hello,
I have a site that asks for user and password to connect it. When the user
pushs de LogOut button and later another user pushs the back button of the
explorator he can entry in the page of first user without user and pass.
How can I correct this serious error?

Thanks,
Catalin



Posted by Edd on November 15, 2005, 5:58 am
Please log in for more thread options

Though I don't know the way to do this, isn't there a header you can
set that forces pages to 'expire' when you click back to them? Someone
may be able to clarify this here...just a thought!


Posted by Benjamin Niemann on November 15, 2005, 10:08 pm
Please log in for more thread options


Edd wrote:

> Though I don't know the way to do this, isn't there a header you can
> set that forces pages to 'expire' when you click back to them? Someone
> may be able to clarify this here...just a thought!

I *think* that pages marked as 'not privately cacheable' *should* re-request
it, when you go back to it. But I would not rely on this behaviour, unless
I am *very* confident that browsers implement this correctly.

--
Benjamin Niemann
Email: pink at odahoda dot de
WWW: http://www.odahoda.de/

Posted by logic_earth on November 15, 2005, 9:47 am
Please log in for more thread options


Catalin Lungu wrote:
> Hello,
> I have a site that asks for user and password to connect it. When the user
> pushs de LogOut button and later another user pushs the back button of the
> explorator he can entry in the page of first user without user and pass.
> How can I correct this serious error?

This really isn't an error if the clients logs out then the cookies or
session should be destroyed. Now if the client goes back (by pressing
the back button) the clients is seeing a cached page if the client
refreshs the page or clicks a link it should ask for the clients
password.

If you take the steps to make sure there is no specific data showing
(i.e. password) then in theory it should be relatively secure.


Posted by Benjamin Niemann on November 15, 2005, 12:56 pm
Please log in for more thread options


Catalin Lungu wrote:

> I have a site that asks for user and password to connect it. When the user
> pushs de LogOut button and later another user pushs the back button of the
> explorator he can entry in the page of first user without user and pass.
> How can I correct this serious error?

Ask the user to close the browser after logging out. This should always be
done in an environment where multiple users share the same computer (i.e.
internet cafe), to get rid of session cookies and other private data.
If the user fails to follow this rule, he is responsible for any damage
happening, just like not keeping the password in a save place.

--
Benjamin Niemann
Email: pink at odahoda dot de
WWW: http://www.odahoda.de/

Similar ThreadsPosted
Back button functionality May 20, 2005, 7:27 am
Back-button problems on certain web sites February 21, 2005, 8:32 pm
Back button interferes with navigation - how can this be avoided? April 9, 2005, 3:36 pm
Using "standard redirects" so as not to "break the back button" August 22, 2006, 10:44 am
preserve POST data when using the back-button September 13, 2006, 8:14 pm
Framed Web Forwarding; Back Button Problem October 13, 2007, 6:19 am
Excluding page from back button history December 3, 2007, 5:42 am
Table width is broken when using back button in Internet Explorer July 28, 2005, 6:05 am
Loss of Form field contents when the browser BACK button is pressed November 25, 2004, 4:57 pm
User hits back button - has to enter form values from scratch January 31, 2008, 8:39 pm

Our other projects:

Art Dolls, Fairies and Mermaids - Sunnyfaces.net

Roy's Linux, Programming and Search Engines messages

1-Script XML SitemapXML Sitemap