Hi Adam,
thanks for your reply,
i'm using actions (auth-login, etc...) but i don't see how your method would fix the problem.
the actions also test if the user is already identified, and redirect him to the right page if it's the case.
But the problem comes from the fact that no request is sent to the server when hitting the back button, so if the server doesn't get the request, it can't send the right answer... at least i think so :-)
do you have any specific browser cache configuration on the login page ?
Marc
Adam Ratcliffe a �crit :
Hi Marc
Are you using flowscript based authentication or actions?
In my application I use the flowscript authentication functions, see the flow samples in the authentication-fw block. My login function, called when the login form is submitted, looks like this:
function login() { var handler = cocoon.parameters["handler"];
if (auth_isAuthenticated(handler)) { success(); } else if (auth_login(handler, null, cocoon.parameters)) { success(); } else { failure(); } }
So if the user is already authenticated they will be redirected to the protected resource without being re-authenticated.
HTH Adam
-----Original Message----- From: Marc Salvetti [mailto:[EMAIL PROTECTED] Sent: Wednesday, 16 March 2005 11:41 p.m. To: [email protected] Subject: browser's back button and authentication framework
Hello,
i'm meeting a problem with the authentication framework : if a user press the back button after beeing logged in and redirected from the login page, he is able to try to log in again, and gets the error "user already authenticated" I tried to use the pragma no-cache instructions to prevent the browser from caching the login page, but with no success, the form is still displayed on click of the back button.
Does someone have a workaround to this problem ? thanks,
Marc
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
