On Wed, Dec 19, 2007 at 04:58:49PM +0000, Dorothea Salo wrote:
> On Dec 19, 2007 10:30 AM,  <[EMAIL PROTECTED]> wrote:
> > We are running DSpace 1.4 and I have just noticed a serious issue with the
> > authentication.  We are using the default implementation with the email
> > address/password based login.  I have noticed that when I logout and then
> > click to go onto any other page on our DSpace site it comes up in the top
> > left corner that I am still logged in.
> 
> I suspect that this is the browser cache at work; I often have it
> return authentication-required visited pages after I log out or my
> session expires. I'm not sure what DSpace could do about that except
> for no-cache tricks that break the Back button entirely (which would
> be a bad, bad idea).

Yes, this is correct; it's a browser issue. After you log out, you are
actually logged out, but (e.g.) Firefox will try to be clever about not
re-requesting pages that it has cached. Of course, if you try to do
anything that requires you being logged in, you will be prompted to do
so; your browser can't subvert that process. Most apps try to get around
this by asking you to shut down your browser (which would clear the
cache), but DSpace doesn't bother. You could modify the logged-out.jsp
to include this message if you feel it's important for your repository.

The only potential issue is that someone could potentially *see* what
you were looking at before you logged out; they wouldn't be able to *do*
anything though.

cheers,

Jim

-- 
James Rutherford          |  Hewlett-Packard Limited registered Office:
Research Engineer         |  Cain Road,
HP Labs                   |  Bracknell,
Bristol, UK               |  Berks
+44 117 312 7066          |  RG12 1HN.
[EMAIL PROTECTED]   |  Registered No: 690597 England
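
As an added example (not part of the original message and not DSpace code), the Python check below classifies, from response headers alone, whether a browser may redisplay a page served to a logged-in user without contacting the server, which is the behaviour described above. The header sets are constructed samples, and the three verdict names are this example's own.

```python
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime


def parse_cache_control(value):
    """Return Cache-Control directives as {name: argument or None}."""
    directives = {}
    for part in value.split(","):
        name, _, arg = part.strip().partition("=")
        if name:
            directives[name.strip().lower()] = arg.strip().strip('"') or None
    return directives


def cache_verdict(headers, now=None):
    """Classify a response as 'not-stored', 'revalidated' or 'reusable'."""
    now = now or datetime.now(timezone.utc)
    h = {k.lower(): v for k, v in headers.items()}
    cc = parse_cache_control(h.get("cache-control", ""))
    if "no-store" in cc:
        return "not-stored"    # the browser cache keeps no copy at all
    if "no-cache" in cc or cc.get("max-age") == "0":
        return "revalidated"   # kept, but checked with the server before reuse
    if "max-age" in cc:
        return "reusable"      # shown from cache while fresh, even after logout
    if "expires" in h:
        try:
            when = parsedate_to_datetime(h["expires"])
        except (TypeError, ValueError):
            return "revalidated"   # an invalid date such as "0" means expired
        if when.tzinfo is None:
            when = when.replace(tzinfo=timezone.utc)
        return "reusable" if when > now else "revalidated"
    return "reusable"          # no directives: heuristic freshness may apply


# Constructed sample responses for pages served to a logged-in user.
SAMPLES = {
    "no-store": {"Cache-Control": "no-store"},
    "no-cache": {"Cache-Control": "private, no-cache"},
    "max-age": {"Cache-Control": "private, max-age=600"},
    "expires-0": {"Expires": "0"},
    "bare": {"Last-Modified": "Wed, 19 Dec 2007 10:00:00 GMT"},
}


def audit(samples=SAMPLES):
    """Return {sample name: verdict} for every sample response."""
    return {name: cache_verdict(hdrs) for name, hdrs in samples.items()}
```

Calling `audit()` on headers captured from your own repository's authenticated pages shows which of them a shared workstation's browser could redisplay after logout.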
