Hey that is exactly what I needed... My boss came in and said "This all looks good but my bank does this..." so it was eureka on the the first line. Thank you!
On Tue, 2010-11-09 at 18:02 +0100, Paweł Wielgus wrote: > Hi all, > You can read some old tests about this problem here: > http://poulwiel.blogspot.com/2009/01/browser-back-button-and-caching-problem.html > maybe they will help You. > > Best greetings, > Paweł Wielgus. > > > 2010/11/9 Maurizio Cucchiara <maurizio.cucchi...@gmail.com>: > > Probably I'm wrong, but don't you achieve this by disabling browser > > caching via http headers? > > > > 2010/11/9 Ken McWilliams <ken.mcwilli...@gmail.com>: > >> I know it depends on the browser but this is a best effort thing and am > >> looking for input on my current plan. > >> > >> When user signs on send the current date/time of the client along with > >> credentials and record the offset in the session (if any). > >> > >> All subsequent pages will have a hidden date/time field. On page load > >> check that this field is within a small time frame (30s seconds), if it > >> is not then reload the page. > >> > >> Are there any tools for struts2 or methods other struts programers use > >> to address security after signing out? > >> > >> > >> --------------------------------------------------------------------- > >> To unsubscribe, e-mail: user-unsubscr...@struts.apache.org > >> For additional commands, e-mail: user-h...@struts.apache.org > >> > >> > > > > > > > > -- > > Maurizio Cucchiara > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: user-unsubscr...@struts.apache.org > > For additional commands, e-mail: user-h...@struts.apache.org > > > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: user-unsubscr...@struts.apache.org > For additional commands, e-mail: user-h...@struts.apache.org > --------------------------------------------------------------------- To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org