Re: login security issue
Re: login security issue
- Subject: Re: login security issue
- From: Dev WO <email@hidden>
- Date: Thu, 13 Jul 2006 11:02:17 +0200
I don't mean to be bad;)
but autocomplete isn't part of (X)HTML, so using it will make your
page "not valid". Which may not be an issue for you but it prevent
you from:
-having a page accessible for people with disabilities (Double-A and
Triple-A require a valid page)
It may also be an issue depending on the laws in your area, for
example in Europe, all public related website has to be Simple-A (so
you can "afford" not te be valid) but should target Double-A (which
require a valid page).
All this standard stuff aside, I'm not sure Thomas is having issue
with caching or autocomplete.
I think you're not destroying the session when the user logout.
Just make sure the session is terminated in your code.
Xavier
If you set the headers to disallow caching it should prevent what
Thomas is describing. However, if the user allowed the browser to
save their password, there is nothing you can do.
Yes there is: add autocomplete="OFF" to your <form> tag.
--
Cliff Tuel . http://apple.com/services/technicalsupport
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Webobjects-dev mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
40anazys.com
This email sent to email@hidden
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Webobjects-dev mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden