Hi,
I should have mentioned in my last reply that it is still the responsibility
of your application to ensure that sensitive content is protected - using
session parameters, or whatever. The solution I presented is for the
client-side issue.
Cheers
Adrian
----- Original Message -----
From: Enke Michael <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, August 16, 2001 1:53 PM
Subject: Re: session-invalidator and back-button?
> But if I use e-mail or banking over internet,
> it is not possible to get the last page back.
> And there is no extra window, the back button is selectable.
> The server answers that an error occured or that
> I have to login again.
>
> Is there a way in cocoon other than spawning another browser window?
>
> Michael
>
> Adrian Geissel wrote:
> >
> > Hi Michael,
> >
> > I believe that the only way to solve such an issue is to 'run' the
protected
> > portion of your website in a spawned browser window, and then when the
user
> > log's out, to close that window. This will ensure that the Back history,
> > which is local to a browser window, cannot be access with permission.
> >
> > Hope that this helps,
> > Adrian
> >
> > ----- Original Message -----
> > From: Enke Michael <[EMAIL PROTECTED]>
> > To: <[EMAIL PROTECTED]>
> > Sent: Thursday, August 16, 2001 11:46 AM
> > Subject: session-invalidator and back-button?
> >
> > > Hi,
> > > I tryed the web-application demo from cocoon2
> > > where a login and logout can be performed.
> > > But after logout if I press the back button of my browser
> > > I get back into protected area without authorization.
> > > How can this be avoided?
> > >
> > > Michael
> > >
> > > ---------------------------------------------------------------------
> > > Please check that your question has not already been answered in the
> > > FAQ before posting. <http://xml.apache.org/cocoon/faqs.html>
> > >
> > > To unsubscribe, e-mail: <[EMAIL PROTECTED]>
> > > For additional commands, e-mail: <[EMAIL PROTECTED]>
> > >
> > >
> >
> > ---------------------------------------------------------------------
> > Please check that your question has not already been answered in the
> > FAQ before posting. <http://xml.apache.org/cocoon/faqs.html>
> >
> > To unsubscribe, e-mail: <[EMAIL PROTECTED]>
> > For additional commands, e-mail: <[EMAIL PROTECTED]>
>
> ---------------------------------------------------------------------
> Please check that your question has not already been answered in the
> FAQ before posting. <http://xml.apache.org/cocoon/faqs.html>
>
> To unsubscribe, e-mail: <[EMAIL PROTECTED]>
> For additional commands, e-mail: <[EMAIL PROTECTED]>
>
>
---------------------------------------------------------------------
Please check that your question has not already been answered in the
FAQ before posting. <http://xml.apache.org/cocoon/faqs.html>
To unsubscribe, e-mail: <[EMAIL PROTECTED]>
For additional commands, e-mail: <[EMAIL PROTECTED]>
