I usually add a snippet like this:

<script language="JavaScript">
<!--
javascript:window.history.forward(1);
//-->
</script>

to all the pages in an application which should not be accessible from the back button - like form screens in a wizard process. It's very much a quick and dirty solution, but it does work.

/t

>-----Original Message-----
>From: Chris Jensen [mailto:[EMAIL PROTECTED]
>Sent: Sunday, January 09, 2005 11:15 PM
>To: CF-Talk
>Subject: Re: General Security Discussion.
>
>> Plus:
>> After you log a user out of a site, in the application.cfm
>> file clear their CFID, CFTOKEN, JSESSIONID, and session, then
>> do a cflocate to the index page of the site and that *should*
>> prevent the back-button from letting anyone view secure pages
>> (if you have everything else set up right).
>
>I don't think this won't completely eliminate the back problem.
>In most browsers, the user can click on an arrow or something on
>the back button to get a history and jump back to any page in the
>history. You can also sometimes get around this by just hitting
>back twice quickly in succession.
>
>The best way around this is to close the browser window, if it's
>intranet you could try just making it policy that users close after
>logging out, or if that doesn't take off, use JavaScript to forcibly
>close the window. (This seems to be how most internet banking sites
>deal with the issue)
>
>Though even this won't completely solve problems, as some browsers
>will get the user to confirm the close command, or even ignore it
>completely.
>
>--
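Added example, not part of the thread and not ColdFusion code: the logout steps from the quoted message (destroy the session, expire CFID, CFTOKEN and JSESSIONID, redirect to the index page), modelled as plain JavaScript functions that return HTTP responses, together with the server-side session check that decides what a Back click can still fetch. The in-memory session store, the CFID:CFTOKEN session key, the /index.cfm path and the Cache-Control header on protected pages are assumptions made for the example.

```javascript
// Added example: models HTTP responses only; this is not ColdFusion code.
const SESSION_COOKIES = ["CFID", "CFTOKEN", "JSESSIONID"]; // names from the thread
const sessions = new Map(); // constructed in-memory stand-in for the server's session store

// Parse a Cookie request header into a name -> value object.
function parseCookies(header = "") {
  const out = {};
  for (const part of header.split(";")) {
    const i = part.indexOf("=");
    if (i > 0) out[part.slice(0, i).trim()] = part.slice(i + 1).trim();
  }
  return out;
}

// Assumed session key: CFID and CFTOKEN together identify the session.
function sessionKey(cookies) {
  return cookies.CFID && cookies.CFTOKEN ? `${cookies.CFID}:${cookies.CFTOKEN}` : null;
}

// Logout: destroy the server-side session, expire the cookies, redirect to the index page.
function logout(cookieHeader) {
  const key = sessionKey(parseCookies(cookieHeader));
  if (key) sessions.delete(key);
  const expired = SESSION_COOKIES.map((n) => `${n}=; Path=/; Expires=Thu, 01 Jan 1970 00:00:00 GMT`);
  return { status: 302, headers: { Location: "/index.cfm", "Set-Cookie": expired } };
}

// Protected page: served only for a live session, and marked no-store to ask the
// browser not to keep a copy that the Back button could redisplay after logout.
function protectedPage(cookieHeader) {
  const key = sessionKey(parseCookies(cookieHeader));
  if (!key || !sessions.has(key)) {
    return { status: 302, headers: { Location: "/index.cfm" } };
  }
  const body = `account page for ${sessions.get(key).user}`;
  return { status: 200, headers: { "Cache-Control": "no-store" }, body };
}

// Constructed walk-through: view a page, log out, then re-request with the old cookies.
sessions.set("1001:abc123", { user: "alice" });
const oldCookies = "CFID=1001; CFTOKEN=abc123";
const before = protectedPage(oldCookies).status;
logout(oldCookies);
const after = protectedPage(oldCookies).status;
console.log({ before, after }); // { before: 200, after: 302 }
```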

