That's one way of logging someone out. I believe you can also just delete the session variables, which has the same affect as the user coming in fresh. You can't keep something in the user's local cache from being displayed. You can use all of the usual tricks, however, to try to make the page uncachable. I don't see the problem, even if the user can pull up the page in his cache. If the cached page was a form, for example, and the user tried to submit it, then the form-handler page will catch the non-logged in status and force the user to log back in. Jim -----Original Message----- From: Chris Giminez <[EMAIL PROTECTED]> To: [EMAIL PROTECTED] <[EMAIL PROTECTED]> Date: Wednesday, May 10, 2000 8:24 PM Subject: prevent back after logoff >I have a password protected section and have created a logoff link. > >Tell me if this is the right way to do this and how can I overcome the one problem: > >The logoff link goes to a page called logoff.cfm. Logoff.cfm contains ><cfset session.status = "logoff"> ><cflocation url="index.cfm"> > >application.cfm contains > <cfif session.status is "logoff"> > <cflocation url="../login/index.cfm"> >(Back to the login page) > >This seems to be working well. Is this the best way to do it? > >The one problem is that after logging out, the user can hit the back button and still access the >secure page even though they're logged out. The application.cfm is not being called because the page >is cached in the browser. > >How can I prevent the use of the back button or force application.cfm to be called instead of the >cached page being displayed? > >Thanks, > >Chris Giminez >Owner - Cyber Scriber Web Site Design >831-728-4469 >ICQ# 2628000 ------------------------------------------------------------------------------ Archives: http://www.eGroups.com/list/cf-talk To Unsubscribe visit http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/cf_talk or send a message to [EMAIL PROTECTED] with 'unsubscribe' in the body.
