Lists

Open Menu Close Menu

Terms and Conditions
Lists hosted on this site
Email the Postmaster
Tips for posting to public mailing lists

login security issue

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

login security issue

Subject: login security issue
From: Thomas Pelaia II <email@hidden>
Date: Wed, 12 Jul 2006 16:13:29 -0400

Hi,

I have a WebObjects application in which people login using their username and password on the main page. The problem is that when users log out, and the session terminates, if the user then hits the browser's back button the browser asks if the user wants to resubmit form data and then it proceeds to log the user back in from the login information the browser has apparently stored. This is bad in a public environment where people log out but often leave their browsers open.

I have verified that the session is in fact destroyed upon termination and that the web browser is in fact resubmitting the user login data.

Is there a way to prevent browsers from resubmitting the login information?

thanks,

-tom

 _______________________________________________
Do not post admin requests to the list. They will be ignored.
Webobjects-dev mailing list      (email@hidden)
Help/Unsubscribe/Update your Subscription:

This email sent to email@hidden

Follow-Ups:
- Re: login security issue
  - From: Miguel Arroz <email@hidden>

Prev by Date: Re: Re: WWDC WO Meet
Next by Date: Re: login security issue
Previous by thread: Re: Log Webobjects on Windows 2003
Next by thread: Re: login security issue
Index(es):
- Date
- Thread