Hi Henry, The problem I noticed is if you go Back to the first page after login and make a refresh on that page you will be able to navigate again in your app as a new session is created 'cause refresh re-post the login data. Your app does that? Do you know any solution for this one? I think with some JavaScript you can erase the history of the Back button. I don;t recall exaclty the code but I'll look for it. What I want to know is if it's a good method as we know we shouldn't rely on user's settings (ex. Javascript not enabled).
Cezar -----Original Message----- From: Henry Voyer [mailto:[EMAIL PROTECTED] Sent: Wednesday, August 20, 2003 7:30 PM To: [EMAIL PROTECTED] Subject: Whats the security trick for not permiting the browser back button on SignOut? Hi fellow Strutser I have implemented securityFilter (http://securityFilter.org) in my struts app. But once i log off i can press the browsers back button and go back to the users content page. He cant do any action since the securityFilter dont let him but he can still see the pages he already accessed. i would like to know how to implement the redirection to signIn page for the browser back button once he SignOut. I have seen the examples of the Apache Admin site and the security app examples but i cant find how they do this. So guys whats the trick? Regards and thanks for all those who worked on the securityFilter and struts examples. _________________________________________________________________ Add photos to your e-mail with MSN 8. Get 2 months FREE*. http://join.msn.com/?page=features/featuredemail --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] --- Incoming mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.509 / Virus Database: 306 - Release Date: 8/12/2003 --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.509 / Virus Database: 306 - Release Date: 8/12/2003 --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
