By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
424,963 Members | 1,714 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 424,963 IT Pros & Developers. It's quick & easy.

Security

P: n/a
Hi,

I have an application which runs with secure access. User logs in,
uses the services, and logs out. After logging out, if the user click
the back button, it actually takes them to that page. How can I
prevent this?

Is there a way, that if the person clicks the back button or access a
browser history, how can I make sure that the latest page is displayed
instead of just the cache. Or, clicking the back/history should
refresh that page.

If this is in any FAQs, could anyone direct me to the right one.

thanks,

Indu

Jan 30 '06 #1
Share this Question
Share on Google+
8 Replies


P: n/a
Indu wrote:
I have an application which runs with secure access. User logs in,
uses the services, and logs out. After logging out, if the user click
the back button, it actually takes them to that page. How can I
prevent this?


Use POST requests and server-side sessions.

Google is your friend. [psf 6.1]
PointedEars
Jan 30 '06 #2

P: n/a
I am using POST request, and server side sessions. When you click
back/next buttons on the browser, no request is made, and the browser
shows the page.

Is there a way to refresh/reload the page when a person clicks a back
button?

thanks,

Indu

Jan 30 '06 #3

P: n/a
Indu wrote on 30 jan 2006 in comp.lang.javascript:
I am using POST request, and server side sessions. When you click
back/next buttons on the browser, no request is made, and the browser
shows the page.
Please quote what you are replying to.

If you want to post a followup via groups.google.com, don't use the
"Reply" link at the bottom of the article. Click on "show options" at the
top of the article, then click on the "Reply" at the bottom of the article
headers. <http://www.safalra.com/special/googlegroupsreply/>
Is there a way to refresh/reload the page when a person clicks a back
button?


No.

--
Evertjan.
The Netherlands.
(Please change the x'es to dots in my emailaddress)
Jan 30 '06 #4

P: n/a
Indu wrote:
I am using POST request, and server side sessions. When you click
back/next buttons on the browser, no request is made, and the browser
shows the page.
Not here.
Is there a way to refresh/reload the page when a person clicks a back
button?


No.
PointedEars
Jan 30 '06 #5

P: n/a
On 2006-01-30, Indu <in******@gmail.com> wrote:
Hi,

I have an application which runs with secure access. User logs in,
uses the services, and logs out. After logging out, if the user click
the back button, it actually takes them to that page. How can I
prevent this?
don't use HTTP for your security. (implement a login form...)
Is there a way, that if the person clicks the back button or access a
browser history, how can I make sure that the latest page is displayed
instead of just the cache. Or, clicking the back/history should
refresh that page.


no. if they select "browse offline" they will get the local cache.

Bye.
Jasen
Feb 5 '06 #6

P: n/a
Jasen Betts wrote:
On 2006-01-30, Indu <in******@gmail.com> wrote:
I have an application which runs with secure access. User logs in,
uses the services, and logs out. After logging out, if the user click
the back button, it actually takes them to that page. How can I
prevent this?


don't use HTTP for your security. (implement a login form...)


That is not possible with a Web application. HTTPS, which you probably
mean, is merely HTTP over SSL/TLS.
PointedEars
Feb 5 '06 #7

P: n/a
On 2006-02-05, Thomas 'PointedEars' Lahn <Po*********@web.de> wrote:
Jasen Betts wrote:
On 2006-01-30, Indu <in******@gmail.com> wrote:
I have an application which runs with secure access. User logs in,
uses the services, and logs out. After logging out, if the user click
the back button, it actually takes them to that page. How can I
prevent this?


don't use HTTP for your security. (implement a login form...)


That is not possible with a Web application. HTTPS, which you probably
mean, is merely HTTP over SSL/TLS.


no, not what I mean at all, I mean don't use HTTP authenticcation. use a
login form and a server based session.

Bye.
Jasen
Feb 5 '06 #8

P: n/a
Jasen Betts wrote:
On 2006-02-05, Thomas 'PointedEars' Lahn <Po*********@web.de> wrote:
Jasen Betts wrote:
On 2006-01-30, Indu <in******@gmail.com> wrote:
I have an application which runs with secure access. User logs in,
uses the services, and logs out. After logging out, if the user click
the back button, it actually takes them to that page. How can I
prevent this?
don't use HTTP for your security. (implement a login form...)

That is not possible with a Web application. HTTPS, which you probably
mean, is merely HTTP over SSL/TLS.


no, not what I mean at all, I mean don't use HTTP authenticcation. use a
login form and a server based session.


However, this recommendation is not well founded. In fact, HTTP
Authentication provides less attack points than server-side programming
does, and it does not require server-side programming. Both approaches
have their drawbacks, of course.

Still, I wonder how you got the idea that the OP is using HTTP
Authentication in the first place.
PointedEars
Feb 6 '06 #9

This discussion thread is closed

Replies have been disabled for this discussion.