
Deactivate the effect of back button

Hello,
I have a site that asks for user and password to connect to it. When the user
pushes the LogOut button and later another user pushes the back button of the
browser, he can enter the page of the first user without user and pass.
How can I correct this serious error?

Thanks,
Catalin
Nov 23 '05 #1
Catalin Lungu wrote:
> I have a site that asks for user and password to connect to it. When the user
> pushes the LogOut button and later another user pushes the back button of the
> browser, he can enter the page of the first user without user and pass.
> How can I correct this serious error?


Ask the user to close the browser after logging out. This should always be
done in an environment where multiple users share the same computer (i.e.
internet cafe), to get rid of session cookies and other private data.
If the user fails to follow this rule, he is responsible for any damage
happening, just like not keeping the password in a safe place.

--
Benjamin Niemann
Email: pink at odahoda dot de
WWW: http://www.odahoda.de/
Nov 23 '05 #2
Edd
Though I don't know the way to do this, isn't there a header you can
set that forces pages to 'expire' when you click back to them? Someone
may be able to clarify this here...just a thought!

Nov 23 '05 #3
Benjamin Niemann <pi**@odahoda.de> writes:
> Catalin Lungu wrote:
>> I have a site that asks for user and password to connect to it. When the user
>> pushes the LogOut button and later another user pushes the back button of the
>> browser, he can enter the page of the first user without user and pass.
>> How can I correct this serious error?
>
> Ask the user to close the browser after logging out. This should always be
> done in an environment where multiple users share the same computer (i.e.
> internet cafe), to get rid of session cookies and other private data.


I am in complete agreement with this recommendation. Just a nit:
Logging out should have gotten rid of the associated cookie or the
server-side software is not working properly. It is still a good idea
for the user to close the browser to get rid of cookies that go with
sites they did not log out of.
Nov 23 '05 #4
Catalin Lungu wrote:
> Hello,
> I have a site that asks for user and password to connect to it. When the user
> pushes the LogOut button and later another user pushes the back button of the
> browser, he can enter the page of the first user without user and pass.
> How can I correct this serious error?


This really isn't an error; if the client logs out, then the cookies or
session should be destroyed. Now if the client goes back (by pressing
the back button), the client is seeing a cached page; if the client
refreshes the page or clicks a link, it should ask for the client's
password.

If you take the steps to make sure there is no specific data showing
(i.e. password) then in theory it should be relatively secure.

Nov 23 '05 #5
Edd wrote:
> Though I don't know the way to do this, isn't there a header you can
> set that forces pages to 'expire' when you click back to them? Someone
> may be able to clarify this here...just a thought!


I *think* that pages marked as 'not privately cacheable' *should* re-request
it, when you go back to it. But I would not rely on this behaviour, unless
I am *very* confident that browsers implement this correctly.

--
Benjamin Niemann
Email: pink at odahoda dot de
WWW: http://www.odahoda.de/
Nov 23 '05 #6
Tim
On Tue, 15 Nov 2005 12:56:23 +0100, Benjamin Niemann sent:
> Ask the user to close the browser after logging out. This should always be
> done in an environment where multiple users share the same computer (i.e.
> internet cafe), to get rid of session cookies and other private data.


People don't often realise that more is required than closing the window
showing the page they've logged into. They've got to quit all instances
of browser windows to end a browsing session.

--
If you insist on e-mailing me, use the reply-to address (it's real but
temporary). But please reply to the group, like you're supposed to.

This message was sent without a virus, please destroy some files yourself.

Nov 23 '05 #7
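
Added example, not part of any post in this thread: a minimal Python WSGI app combining the two server-side measures discussed above, destroying the session on logout (posts #4 and #5) and marking private pages `Cache-Control: no-store` so the browser is told not to keep a copy for the back button (posts #3 and #6). The paths `/login`, `/logout`, `/account` and `/login-form`, the cookie name `sid` and the user `alice` are assumptions made for the example.

```python
import secrets
from http.cookies import SimpleCookie

SESSIONS = {}  # session id -> user name; in-memory store constructed for this example
NO_STORE = [("Cache-Control", "no-store"), ("Pragma", "no-cache"), ("Expires", "0")]

def session_id(environ):
    cookie = SimpleCookie(environ.get("HTTP_COOKIE", ""))
    return cookie["sid"].value if "sid" in cookie else None

def redirect(start_response, location, extra=()):
    start_response("303 See Other", [("Location", location), *extra, *NO_STORE])
    return [b""]

def app(environ, start_response):
    path, method = environ["PATH_INFO"], environ["REQUEST_METHOD"]
    sid = session_id(environ)
    if path == "/login-form":  # public page, nothing private to cache
        start_response("200 OK", [("Content-Type", "text/plain")])
        return [b"Please log in"]
    if path == "/login" and method == "POST":
        # Password check omitted; "alice" is a hypothetical user.
        sid = secrets.token_urlsafe(32)
        SESSIONS[sid] = "alice"
        cookie = f"sid={sid}; HttpOnly; Secure; SameSite=Lax; Path=/"
        return redirect(start_response, "/account", [("Set-Cookie", cookie)])
    if path == "/logout" and method == "POST":
        SESSIONS.pop(sid, None)  # server-side: the old id no longer maps to a user
        expired = "sid=; Max-Age=0; HttpOnly; Secure; SameSite=Lax; Path=/"
        return redirect(start_response, "/login-form", [("Set-Cookie", expired)])
    user = SESSIONS.get(sid)
    if user is None:  # no valid session: never render private content
        return redirect(start_response, "/login-form")
    # Private page: no-store tells the browser not to keep a copy for Back.
    start_response("200 OK", [("Content-Type", "text/plain"), *NO_STORE])
    return [f"Account page for {user}".encode()]

def request(path, method="GET", cookie=""):
    """Call the app in-process; returns (status, headers as dict, body)."""
    seen = {}
    def start_response(status, headers):
        seen["status"], seen["headers"] = status, dict(headers)
    environ = {"PATH_INFO": path, "REQUEST_METHOD": method, "HTTP_COOKIE": cookie}
    body = b"".join(app(environ, start_response))
    return seen["status"], seen["headers"], body
```

Because the session is removed on the server, a request that replays the old cookie after logout is redirected to the login form even if the browser never deleted the cookie.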
