Hi Michael,
I believe that the only way to solve such an issue is to 'run' the protected
portion of your website in a spawned browser window, and then when the user
log's out, to close that window. This will ensure that the Back history,
which is local to a browser window, cannot be access with permission.
Hope that this helps,
Adrian
----- Original Message -----
From: Enke Michael <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, August 16, 2001 11:46 AM
Subject: session-invalidator and back-button?
> Hi,
> I tryed the web-application demo from cocoon2
> where a login and logout can be performed.
> But after logout if I press the back button of my browser
> I get back into protected area without authorization.
> How can this be avoided?
>
> Michael
>
> ---------------------------------------------------------------------
> Please check that your question has not already been answered in the
> FAQ before posting. <http://xml.apache.org/cocoon/faqs.html>
>
> To unsubscribe, e-mail: <[EMAIL PROTECTED]>
> For additional commands, e-mail: <[EMAIL PROTECTED]>
>
>
---------------------------------------------------------------------
Please check that your question has not already been answered in the
FAQ before posting. <http://xml.apache.org/cocoon/faqs.html>
To unsubscribe, e-mail: <[EMAIL PROTECTED]>
For additional commands, e-mail: <[EMAIL PROTECTED]>
