Hi guys,
Using the Turbine Security Manager today I noticed something odd. When I log
out, I am still able to use the back button to look at pages that should
have expired, because they are being fetched from the client's cache. When I
refreshed the page, I was presented with the login screen as I would expect.
This is quite a serious flaw if the data is very sensitive.
Surely the server should have set the response expiry so the browser always
tries to reload the page? I can't believe that this hasn't been brought up
before, so apologies in advance if it has...
Gareth
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
