We have a Web application that displays sensitive data. The problem we face is that when a user leaves the session open, or logs off the session, other people, when present at this user's desktop, can still manage to see the data by going "back" or to the cached data. Normally a session will expire in 20 minutes if is not touched. Using JavaScript to close the browser window requires the user to confirm it unless the original window was spawned from another window. It seems impossible to access the cookie. Maybe deleting cached data? Though Hotmail has just had a security blow recently, but normally you can not look at any cached data once you log out. I don't know how this is implemented. Is it possible to use a servlet to address this security problem? It would be highly appreciated if someone could help. Best regards, Nathaniel ___________________________________________________________________________ To unsubscribe, send email to [EMAIL PROTECTED] and include in the body of the message "signoff SERVLET-INTEREST". Archives: http://archives.java.sun.com/archives/servlet-interest.html Resources: http://java.sun.com/products/servlet/external-resources.html LISTSERV Help: http://www.lsoft.com/manuals/user/user.html
