Hi buddy.,
This is community project...so nothing is
personal:-)..i apologize is my words sounded so...
Have good time..
--- "Morrison, John" <[EMAIL PROTECTED]>
wrote: > Ah, my apologies - I missed the 'logged out'
bit...
>
> > -----Original Message-----
> > From: java guru [mailto:[EMAIL PROTECTED]]
> > Sent: Thursday, 16 August 2001 2:12 pm
> > To: [EMAIL PROTECTED]
> > Subject: RE: session-invalidator and back-button?
> >
> >
> > What do u mean?..the original question was "once
> he
> > logged out(which means the session is expired
> > purposefully) and push back button, the page is
> still
> > diplayed(from browser cache)"..
> >
> > According to this the session is programatically
> > expired on logout so there is no session
> information
> > stored on server..and even if the browser try to
> get
> > the page from server, it would fail as the session
> is
> > already expired...
> >
> > This is done very frequently in banking and public
> > email systems...
> >
> > Again correct me if wrong..
> >
>
> Hey, please take it easy - it wasn't anything
> personal!
>
> >
> >
> > --- "Morrison, John"
> <[EMAIL PROTECTED]>
> > wrote: > No reason - if you expire the page then
> it
> > will try
> > > and get it again from
> > > the server, if the session is still OK which
> keeps
> > > your password you won't
> > > be asked for it again. T'was just a though...
> > >
> > > > -----Original Message-----
> > > > From: java guru
> [mailto:[EMAIL PROTECTED]]
> > > > Sent: Thursday, 16 August 2001 2:02 pm
> > > > To: [EMAIL PROTECTED]
> > > > Subject: RE: session-invalidator and
> back-button?
> > > >
> > > >
> > > > Hi.,
> > > > Correct me if i am wrong...why not use page
> > > > expiration time in http headers?..
> > > >
> > > >
> > > > --- "Morrison, John"
> > > <[EMAIL PROTECTED]>
> > > > wrote: > If you use the
> > > javascript:location.replace (I
> > > > > *think* that's what its
> > > > > called) I don't *believe* that the new page
> is
> > > added
> > > > > to the history...
> > > > >
> > > > > > -----Original Message-----
> > > > > > From: Enke Michael
> > > > > [mailto:[EMAIL PROTECTED]]
> > > > > > Sent: Thursday, 16 August 2001 1:54 pm
> > > > > > To: [EMAIL PROTECTED]
> > > > > > Subject: Re: session-invalidator and
> > > back-button?
> > > > > >
> > > > > >
> > > > > > But if I use e-mail or banking over
> internet,
> > > > > > it is not possible to get the last page
> back.
> > > > > > And there is no extra window, the back
> button
> > > is
> > > > > selectable.
> > > > > > The server answers that an error occured
> or
> > > that
> > > > > > I have to login again.
> > > > > >
> > > > > > Is there a way in cocoon other than
> spawning
> > > > > another browser window?
> > > > > >
> > > > > > Michael
> > > > > >
> > > > > > Adrian Geissel wrote:
> > > > > > >
> > > > > > > Hi Michael,
> > > > > > >
> > > > > > > I believe that the only way to solve
> such an
> > > > > issue is to
> > > > > > 'run' the protected
> > > > > > > portion of your website in a spawned
> browser
> > > > > window, and
> > > > > > then when the user
> > > > > > > log's out, to close that window. This
> will
> > > > > ensure that the
> > > > > > Back history,
> > > > > > > which is local to a browser window,
> cannot
> > > be
> > > > > access with
> > > > > > permission.
> > > > > > >
> > > > > > > Hope that this helps,
> > > > > > > Adrian
> > > > > > >
> > > > > > > ----- Original Message -----
> > > > > > > From: Enke Michael
> > > > > <[EMAIL PROTECTED]>
> > > > > > > To: <[EMAIL PROTECTED]>
> > > > > > > Sent: Thursday, August 16, 2001 11:46 AM
> > > > > > > Subject: session-invalidator and
> > > back-button?
> > > > > > >
> > > > > > > > Hi,
> > > > > > > > I tryed the web-application demo from
> > > cocoon2
> > > > > > > > where a login and logout can be
> performed.
> > > > > > > > But after logout if I press the back
> > > button of
> > > > > my browser
> > > > > > > > I get back into protected area without
> > > > > authorization.
> > > > > > > > How can this be avoided?
> > > > > > > >
> > > > > > > > Michael
> > > > > > > >
> > > > > > > >
> > > > > >
> > > > >
> > > >
> > >
> >
>
---------------------------------------------------------------------
> > > > > > > > Please check that your question has
> not
> > > > > already been
> > > > > > answered in the
> > > > > > > > FAQ before posting.
> > > > > <http://xml.apache.org/cocoon/faqs.html>
> > > > > > > >
> > > > > > > > To unsubscribe, e-mail:
> > > > > <[EMAIL PROTECTED]>
> > > > > > > > For additional commands, e-mail:
> > > > > > <[EMAIL PROTECTED]>
> > > > > > > >
> > > > > > > >
> > > > > > >
> > > > > > >
> > > > > >
> > > > >
> > > >
> > >
> >
>
---------------------------------------------------------------------
> > > > > > > Please check that your question has not
> > > already
> > > > > been answered in the
> > > > > > > FAQ before posting.
> > > > > <http://xml.apache.org/cocoon/faqs.html>
> > > > > > >
> > > > > > > To unsubscribe, e-mail:
> > > > > <[EMAIL PROTECTED]>
> > > > > > > For additional commands, e-mail:
> > > > > <[EMAIL PROTECTED]>
> > > > > >
> > > > > >
> > > > >
> > > >
> > >
> >
>
---------------------------------------------------------------------
> > > > > > Please check that your question has not
> > > already
> > > > > been answered in the
> > > > > > FAQ before posting.
> > > > > <http://xml.apache.org/cocoon/faqs.html>
> > > > > >
> > > > > > To unsubscribe, e-mail:
> > > > > <[EMAIL PROTECTED]>
> > > > > > For additional commands, e-mail:
> > > > > <[EMAIL PROTECTED]>
>
=== message truncated ===
=====
Thanks and have great day
srini
____________________________________________________________
Do You Yahoo!?
Send a newsletter, share photos & files, conduct polls, organize chat events. Visit
http://in.groups.yahoo.com.
---------------------------------------------------------------------
Please check that your question has not already been answered in the
FAQ before posting. <http://xml.apache.org/cocoon/faqs.html>
To unsubscribe, e-mail: <[EMAIL PROTECTED]>
For additional commands, e-mail: <[EMAIL PROTECTED]>
