7 Replies Latest reply on Mar 3, 2009 12:11 AM by Catalin Marcu

    Strange situation regarding security

    Catalin Marcu Newbie

      Hi there,


      We've built a web application using Seam, JSF and JEE. We used Seam security for the security part of this application. One of our customers reported that after he logged in using his credentials, the home page he got was not his homepage but another customer's homepage. This seemed strange to me at first, and I tended not to believe the customer because I could not reproduce this error. After a while, another customer reported the same problem, and this time I knew there was a real problem. So, after some research, I managed to reproduce the error using 2 different computers (with 2 different IPs), trying to map a real situation of 2 different customers. Let's suppose Customer A is one client and Customer B is another, having different credentials. I'm trying to explain below what is happening:



      1. Client A successfully logs in and is forwarded to HIS home page of the application

      2. After the successful login of Customer A, Customer B logs in successfully using his credentials and is forwarded to HIS home page of the application (until now, everything is OK)

      3. Customer A presses the back button of his browser to go back to the login page and enters his credentials again

      4. Customer A is forwarded to the homepage of customer B!!!



      This situation appears only when the back button is used as described above.


      Does anyone know a solution for this problem?


      Thanks in advance,
      Catalin


      PS: Seam version used: 2.0.3.CR1, JSF 1.2, GlassFish V2 U2