logout validation


DevX Home    Today's Headlines   Articles Archive   Tip Bank   Forums   

Results 1 to 5 of 5

Thread: logout validation

  1. #1
    Iam5Leo Guest

    logout validation


    Even after the User logouts the web application, he can hit the back button
    on the browser and able to work normally without actually logging in. Please
    advice.

    thanks.

    Leo

  2. #2
    Q*bert Guest

    Re: logout validation


    In my .asp days I would just create a session variable that was alive for
    the duration of the session. When the user logged out I would set that session
    variable to "". On each page, I would have an include file that simply validated
    that the session variable was not set to "" before it did any processing.
    So in your example, they would be able to hit the back button and see the
    history, but if they tried to follow any links or do anything, they would
    be prompted to login again. The back button is just hitting local cache.
    so unless you "clear the cache," I don't think there is a way to prevent
    users from using back.
    Although, a cached page timeout of 0 time might force the reload of the page
    so the user couldn't easily go back...

    Just my 2 cents
    Q*bert


    "Iam5Leo" <reachsyed@hotmail.com> wrote:
    >
    >Even after the User logouts the web application, he can hit the back button
    >on the browser and able to work normally without actually logging in. Please
    >advice.
    >
    >thanks.
    >
    >Leo



  3. #3
    Iam5leo Guest

    Re: logout validation


    No this is not going to help as we are not using session's.


  4. #4
    Q*bert Guest

    Re: logout validation


    It would work with cookies too.
    Other than that, I don't have any ideas.


    Q*bert

    "Iam5leo" <reachsyed@hotmail.com> wrote:
    >
    >No this is not going to help as we are not using session's.
    >



  5. #5
    andrew Guest

    Re: logout validation


    "Q*bert" <luke_davis_76@hotmail.com> wrote:
    >
    >It would work with cookies too.
    >Other than that, I don't have any ideas.
    >
    >
    >Q*bert
    >
    >"Iam5leo" <reachsyed@hotmail.com> wrote:
    >>
    >>No this is not going to help as we are not using session's.
    >>

    >

    I discovered (in IE only) that on logout if you call window.open again
    using the same window name as the one you are on it will destroy all
    history knowledge.

    Very useful for your problem of ALWAYS being able to go back since it is
    locally cached and regardless of the expire or session setting it can still
    go back to this local cache.

    This way the actual window (memory?) contents must be overwritten/destroyed
    since there is no back option now.
    The other nice thing is that it does it in place so you don't see a window
    disappear then reappear!

    Hope this helps.
    Andrew

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
HTML5 Development Center
 
 
FAQ
Latest Articles
Java
.NET
XML
Database
Enterprise
Questions? Contact us.
C++
Web Development
Wireless
Latest Tips
Open Source


   Development Centers

   -- Android Development Center
   -- Cloud Development Project Center
   -- HTML5 Development Center
   -- Windows Mobile Development Center