3 Replies Latest reply on Jun 19, 2007 11:04 AM by smurfs

    back-buttoning after logging out

    hstang Jun 14, 2007 3:14 PM

      I noticed that in my particular Seam application, back-buttoning is allowed after a user logouts which is concerning because if the user goes out for a bathroom break and someone uses his computer, he can see data he's not allowed to. When I try this with my bank online, it gives a "session timeout" error message if I try this, which is a reasonable security precaution.

      Is there any way I can achieve this kind of feature?

      • 1860 Views
      • Tags:
        • 1. Re: back-buttoning after logging out
          monkeyden
          monkeyden Jun 14, 2007 4:02 PM (in response to hstang)

          Did you try the meta tags?

          <meta content="0" http-equiv="EXPIRES"></meta>
<meta content="NO-CACHE" http-equiv="PRAGMA"></meta>
<meta content="NO-CACHE" http-equiv="CACHE-CONTROL"></meta>


            • Actions
          • 2. Re: back-buttoning after logging out
            hstang Jun 14, 2007 4:11 PM (in response to hstang)

            Yes I did. Were you able to solve this problem?

              • Actions
            • 3. Re: back-buttoning after logging out
              smurfs
              smurfs Jun 19, 2007 11:04 AM (in response to hstang)

              Back- and forward-navigation between 'secure' pages will only be restricted after logging out if you have specify the page property login-required="true" for those pages you do not want the browser to cache in memory.

              For example (in pages.xml):

              <page view-id="/homepage.xhtml" login-required="true">
...
</page>


              If you log-out from a page (or pages) that does(do) not have this attribute set to true you will be able to navigate back and forth which is the correct behaviour IMHO.


                • Actions