DevX Home    Today's Headlines   Articles Archive   Tip Bank   Forums   

+ Reply to Thread
Results 1 to 5 of 5
  1. 03-23-2003 11:20 PM #1
    Iam5Leo Guest

    logout validation


    Even after the User logouts the web application, he can hit the back button
    on the browser and able to work normally without actually logging in. Please
    advice.

    thanks.

    Leo
    Reply With Quote Reply With Quote
  2. 03-24-2003 08:51 AM #2
    Q*bert Guest

    Re: logout validation


    In my .asp days I would just create a session variable that was alive for
    the duration of the session. When the user logged out I would set that session
    variable to "". On each page, I would have an include file that simply validated
    that the session variable was not set to "" before it did any processing.
    So in your example, they would be able to hit the back button and see the
    history, but if they tried to follow any links or do anything, they would
    be prompted to login again. The back button is just hitting local cache.
    so unless you "clear the cache," I don't think there is a way to prevent
    users from using back.
    Although, a cached page timeout of 0 time might force the reload of the page
    so the user couldn't easily go back...

    Just my 2 cents
    Q*bert


    "Iam5Leo" <reachsyed@hotmail.com> wrote:
    >
    >Even after the User logouts the web application, he can hit the back button
    >on the browser and able to work normally without actually logging in. Please
    >advice.
    >
    >thanks.
    >
    >Leo

    Reply With Quote Reply With Quote
  3. 03-25-2003 07:20 AM #3
    Iam5leo Guest

    Re: logout validation


    No this is not going to help as we are not using session's.

    Reply With Quote Reply With Quote
  4. 03-25-2003 08:47 AM #4
    Q*bert Guest

    Re: logout validation


    It would work with cookies too.
    Other than that, I don't have any ideas.


    Q*bert

    "Iam5leo" <reachsyed@hotmail.com> wrote:
    >
    >No this is not going to help as we are not using session's.
    >

    Reply With Quote Reply With Quote
  5. 03-26-2003 05:16 PM #5
    andrew Guest

    Re: logout validation


    "Q*bert" <luke_davis_76@hotmail.com> wrote:
    >
    >It would work with cookies too.
    >Other than that, I don't have any ideas.
    >
    >
    >Q*bert
    >
    >"Iam5leo" <reachsyed@hotmail.com> wrote:
    >>
    >>No this is not going to help as we are not using session's.
    >>
    >
    I discovered (in IE only) that on logout if you call window.open again
    using the same window name as the one you are on it will destroy all
    history knowledge.

    Very useful for your problem of ALWAYS being able to go back since it is
    locally cached and regardless of the expire or session setting it can still
    go back to this local cache.

    This way the actual window (memory?) contents must be overwritten/destroyed
    since there is no back option now.
    The other nice thing is that it does it in place so you don't see a window
    disappear then reappear!

    Hope this helps.
    Andrew
    Reply With Quote Reply With Quote
« Previous Thread | Next Thread »

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts

Forum Rules
HTML5 Development Center
 
 
FAQ
Latest Articles
Java
.NET
XML
Database
Enterprise
Questions? Contact us.
C++
Web Development
Wireless
Latest Tips
Open Source


Top DevX Stories

Easy Web Services with SQL Server 2005 HTTP Endpoints
JavaOne 2005: Java Platform Roadmap Focuses on Ease of Development, Sun Focuses on the "Free" in F.O.S.S.
Wed Yourself to UML with the Power of Associations
Microsoft to Add AJAX Capabilities to ASP.NET
IBM's Cloudscape Versus MySQL


Sponsored Links