login security issue
login security issue
- Subject: login security issue
- From: Thomas Pelaia II <email@hidden>
- Date: Wed, 12 Jul 2006 16:13:29 -0400
Hi,
I have a WebObjects application in which people login using their username and password on the main page. The problem is that when users log out, and the session terminates, if the user then hits the browser's back button the browser asks if the user wants to resubmit form data and then it proceeds to log the user back in from the login information the browser has apparently stored. This is bad in a public environment where people log out but often leave their browsers open.
I have verified that the session is in fact destroyed upon termination and that the web browser is in fact resubmitting the user login data.
Is there a way to prevent browsers from resubmitting the login information? |
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Webobjects-dev mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden